summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBarry Warsaw2008-04-01 23:53:43 -0400
committerBarry Warsaw2008-04-01 23:53:43 -0400
commita868261c4fea9fdd25fe4b19ee3a09c32b067a2b (patch)
tree04a2f0707f4e0c6b7b8254749c27845d8e6d2d5d
parentf3b5d85f402e7696fe5834c98aded4fdf2528229 (diff)
downloadmailman-a868261c4fea9fdd25fe4b19ee3a09c32b067a2b.tar.gz
mailman-a868261c4fea9fdd25fe4b19ee3a09c32b067a2b.tar.zst
mailman-a868261c4fea9fdd25fe4b19ee3a09c32b067a2b.zip
Diffstat
-rw-r--r--docs/NEWS.txt2660
-rw-r--r--docs/OLD-NEWS.txt2835
2 files changed, 2836 insertions, 2659 deletions
diff --git a/docs/NEWS.txt b/docs/NEWS.txt
index d9fd8e8f7..e4be562ed 100644
--- a/docs/NEWS.txt
+++ b/docs/NEWS.txt
@@ -5,7 +5,7 @@ Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
Here is a history of user visible changes to Mailman.
3.0 alpha 1 -- "Leave That Thing Alone"
-(XX-XXX-200X)
+(02-Apr-2008)
User visible changes
@@ -179,2661 +179,3 @@ Here is a history of user visible changes to Mailman.
users.
- The 'adminapproved' metadata key is renamed 'moderator_approved'.
-
-
-2.1.9 (12-Sep-2006)
-
- Security
-
- - A malicious user could visit a specially crafted URI and inject an
- apparent log message into Mailman's error log which might induce an
- unsuspecting administrator to visit a phishing site. This has been
- blocked. Thanks to Moritz Naumann for its discovery.
-
- - Fixed denial of service attack which can be caused by some
- standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
-
- - Several cross-site scripting issues have been fixed. Thanks to Moritz
- Naumann for their discovery. CVE-2006-3636
-
- - Fixed an unexploitable format string vulnerability. Discovery and fix
- by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
- Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
-
- Internationalization
-
- - New languages: Arabic, Vietnamese.
-
- Bug fixes and other patches
-
- - Fixed Decorate.py so that characters in message header/footer which
- are not in the character set of the list's language are ignored rather
- than causing shunted messages (1507248).
-
- - Switchboard.py - Closed very tiny holes at the upper ends of queue
- slices that could result in unprocessable queue entries. Improved FIFO
- processing when two queue entries have the same timestamp.
-
-2.1.8 (15-Apr-2006)
-
- Security
-
- - A cross-site scripting hole in the private archive script of 2.1.7
- has been closed. Thanks to Moritz Naumann for its discovery.
-
- Bug fixes and other patches
-
- - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
- and several others.
-
- - Updated email library to 2.5.7 which will encode payload into qp/base64
- upon setting. This enabled backing out the scrubber related patches
- including 'X-Mailman-Scrubbed' header in 2.1.7.
-
- - Fix SpamDetect.py potential hold/reject loop problem.
-
- - A warning message from email package to the stderr can cause error
- in Logging because stderr may be detached from the process during
- the qrunner run. We chose not to output errors to stderr but to
- the logs/error if the process is running under mailmanctl subprocess.
-
- - DKIM header cleansing was separated from Cleanse.py and added to
- -owner messages too.
-
- - Fixes: Lose Topics when go directly to topics URL (1194419).
- UnicodeError running bin/arch (1395683). edithtml.py missing import
- (1400128). Bad escape in cleanarch. Wrong timezone in list archive
- index pages (1433673). bin/arch fails with TypeError (1430236).
- Subscription fails with some Language combinations (1435722).
- Postfix delayed notification not recognized (863989). 2.1.7 (VERP)
- mistakes delay notice for bounce (1421285). show_qfiles: 'str'
- object has no attribute 'as_string' (1444447). Utils.get_domain()
- wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
-
- Miscellaneous
-
- - Brad Knowles' mailman daily status report script updated to 0.0.16.
-
-2.1.7 (31-Dec-2005)
-
- Security
-
- - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
- message instead of just quietly dropping ./ and ../ from URLs.
-
- - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
- been solved in Mailman 2.1.6, there may be more cases where
- ToDigest.send_digests() can block regular delivery. We put the
- send_digests() calling part in a try/except clause and leave a message
- in the error log if something happened in send_digests(). Daily call of
- cron/senddigests will provide more detail to the site administrator.
-
- - List administrators can no longer change the user's option/subscription
- globally. Site admin can change these only if
- mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
-
- - <script> tags are HTML-escaped in the edithtml CGI script.
-
- - Since the probe message for disabled users may reach unintended
- recipients, the password is excluded from sendProbe() and probe.txt.
- Note that the default value of VERP_PROBE has been set to `No' from
- 2.1.6., thus this change doesn't affect the default behavior.
-
- New Features
-
- - Always remove DomainKey (and similar) headers from messages sent to the
- list. (1287546)
-
- - List owners can control the content filter behavior when collapsing
- multipart/alternative parts to its first subpart. This allows the
- option of letting the HTML part pass through after other content
- filtering is done.
-
- Internationalization
-
- - New language: Interlingua.
-
- Bug fixes and other patches
-
- - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
- safer operation.
-
- - Fixed the bug where Scrubber.py munges quoted-printable by introducing
- the 'X-Mailman-Scrubbed' header which marks that the payload is
- scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
- Decorate.py and Archiver. A similar problem in ToDigest.py where the
- plain digest is generated is also fixed.
-
- - Fixed Syslog.py to write quopri encoded messages when it fail to write
- 8-bit characters.
-
- - Fixed MTA/Postfix.py to check aliases group permission in check_perms
- and fixed mailman-install document on this matter (1378270).
-
- - Fixed private.py to go to the original URL after authorization
- (1080943).
-
- - Fixed bounce log score messages to be more consistent.
-
- - Fixed bin/remove_members to accept no arguments when both --fromall and
- --file= options are specified.
-
- - Changed cgi-bin and mail wrapper "group not found" error message to be
- more descriptive of the actual problem.
-
- - The list's ban_list now applies to address changes, admin mass
- subscribes and invites, and to confirmations/approvals of address
- changes, subscriptions and invitations.
-
- - quoted-printable and base64 encoded parts are decoded before passing to
- HTML_TO_PLAIN_TEXT_COMMAND (1367783).
-
- - Approve: header is removed from posts, and treated the same as the
- Approved: header. (1355707)
-
- - Fixed the removal of the line following Approve[d]: line in body of
- post. (1318883)
-
- - The Approve[d]: <password> header is removed from all text/* parts in
- addition the initial text/plain part. It must still be the first
- non-blank line in the first text/plain part or it won't be found or
- removed at all. (1181161)
-
- - Posts are now logged in post log file with the true sender, not
- listname-bounces. (1287921)
-
- - Correctly initialize and remember the list's default_member_moderation
- attribute in the web list creation page. (1263213)
-
- - PEP263 charset is added to the config_list output. (1343100)
-
- - Fixed header_filter_rules getting lost if accessed directly and
- authentication was needed by login page. (1230865)
-
- - Obscure email when the poster doesn't set full name in 'From:' header.
-
- - Preambles and epilogues are taken into account when calculating message
- sizes for holding purposes. (Mark Sapiro)
-
- - Logging/Logger.py unicode transform option. (1235567)
-
- - bin/update crashes with bogus files. (949117)
-
- - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
-
-2.1.6 (30-May-2005)
-
- Security
-
- - Critical security patch for path traversal vulnerability in private
- archive script (CAN-2005-0202).
-
- - Added the ability for Mailman generated passwords (both member and list
- admin) to be more cryptographically secure. See new configuration
- variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
- ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
- reset_pw.py which can be used to reset all member passwords. Passwords
- generated by Mailman are now 8 characters by default for members, and 10
- characters for list administrators.
-
- - A potential cross-site scripting hole in the driver script has been
- closed. Thanks to Florian Weimer for its discovery. Also, turn
- STEALTH_MODE on by default.
-
- Internationalization
-
- - Chinese languages are now supported. They have been moved from 'big5'
- and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
- spec. Note, however, that the character sets were changed from 'Big5'
- or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
- Python 2.3 and earlier. You may have to install Chinese capable codecs
- (like CJKCodecs) separately to handle the incoming messages which are in
- local charsets, or upgrade your Python to 2.4 or newer.
-
- Behavior or defaults changes
-
- - VERP_PROBES is disabled by default.
-
- - bin/withlist can be run without a list name, but only if -i is given.
- Also, withlist puts the directory it's found in at the end of sys.path,
- making it easier to run withlist scripts that live in $prefix/bin.
-
- - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
- lets the user provide the web and email hostnames for the new mailing
- list. This is a better way to specify the domain for the list, rather
- than the old 'mylist@hostname' syntax (which is still supported for
- backward compatibility, but deprecated).
-
- Compatibility
-
- - Python 2.4 compatibility issue: time.strftime() became strict about the
- 'day of year' range. (1078482)
-
- New Features
-
- - New feature: automatic discards of held messages. List owners can now
- set how many days to hold the messages in the moderator request queue.
- cron/checkdb will automatically discard old messages. See the
- max_days_to_hold variable in the General Options and
- DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0
- (i.e. disabled). (790494)
-
- - New feature: subject_prefix can be configured to include a sequence
- number which is taken from the post_id variable. Also, the prefix is
- always put at the start of the subject, i.e. "[list-name] Re: original
- subject", if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style
- is "Re: [list-name]" if numbering is not set, for backward compatibility.
- If the list owner is using numbering feature by "%d" directive, the new
- style, "[list-name 123] Re:", is always used.
-
- - List owners can now cusomize the non-member rejection notice from
- admin/<listname>/privacy/sender page. (1107169)
-
- - Allow editing of the welcome message from the admin page (1085501).
-
- - List owners can now use Scrubber to get the attachments scrubbed (held
- in the web archive), if the site admin permits it in mm_cfg.py. New
- variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
- SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
- behavior. (904850)
-
- Documentation
-
- - Most of the installation instructions have been moved to a latex
- document. See admin/www/mailman-install/index.html for details.
-
- Bug fixes and other patches
-
- - Mail-to-news gateway now strips subject prefix off from a response
- by a mail user if news_prefix_subject_too is not set.
-
- - Date and Message-Id headers are added for digests. (1116952)
-
- - Improved mail address sanity check. (1030228)
-
- - SpamDetect.py now checks attachment header. (1026977)
-
- - Filter attachments by filename extensions. (1027882)
-
- - Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
- 1020013 (fix spam filter removed), 665569 (newer Postfix bounce
- detection), 970383 (moderator -1 admin requests pending), 873035
- (subject handling in -request mail), 799166/946554 (makefile
- compatibility), 872068 (add header/footer via unicode), 1032434
- (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
- (fix pipermail URL), 948152 (Out of date link on Docs), 1099138
- (Scrubber.py breaks on None part), 1099840/1099840 (deprecated %
- insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd
- reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
- 1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
- permission after editing html)
-
-2.1.5 (15-May-2004)
-
- - The admindb page has a checkbox that allows you to discard all held
- messages that are marked Defer. On heavy lists with lots of spam holds,
- this makes clearing them much faster.
-
- - The qrunner system has changed to use only one file per message.
- However the configuration variable METADATA_FORMAT has been removed, and
- support for SAVE_MSGS_AS_PICKLES has been changed. The latter no longer
- writes messages as plain text. Instead, they are stored as pickles of
- plain strings, using the text pickle format. This still makes them
- non-binary files readable and editable by humans.
-
- bin/dumpdb also works differently. It will print out the entire pickle
- file (with more verbosity) and if used with 'python -i', it binds msg to
- a list of all objects found in the pickle file.
-
- Removed from Defaults.py: PENDINGDB_LOCK_TIMEOUT,
- PENDINGDB_LOCK_ATTEMPTS, METAFMT_MARSHAL, METAFMT_BSDDB_NATIVE,
- METAFMT_ASCII, METADATA_FORMAT
-
- - The bounce processor has been redesigned so that now when an address's
- bounce score reaches the threshold, that address will be sent a probe
- message. Only if the probe bounces will the address be disabled. The
- score is reset to zero when the probe is sent. Also, bounce events are
- now kept in an event file instead of in memory. This should help
- contain the bloat of the BounceRunner.
-
- New supporting variables in Defaults.py: VERP_PROBE_FORMAT,
- VERP_PROBE_REGEXP
-
- REGISTER_BOUNCES_EVERY is promoted to a Defaults.py variable.
-
- - The pending database has been changed from a global pickle file, to a
- unique pickle file per mailing list.
-
- - The 'request' database file has changed from a marshal, to the more
- secure pickle format.
-
- - Disallow multiple password retrievals.
-
- - SF patch #810675 which adds a "Discard all messages marked Defer" button
- for faster admindb maintenance.
-
- - The email package is updated to version 2.5.5.
-
- - New language: Turkish.
-
- - Bugs and patches: 869644, 869647 (NotAMemberError for old cookie data),
- 878087 (bug in Slovenian catalog), 899263 (ignore duplicate pending
- ids), 810675 (discard all defers button)
-
-2.1.4 (31-Dec-2003)
-
- - Close some cross-site scripting vulnerabilities in the admin pages
- (CAN-2003-0965).
-
- - New languages: Catalan, Croatian, Romanian, Slovenian.
-
- - New mm_cfg.py/Defaults.py variable PUBLIC_MBOX which allows the site
- administrator to disable public access to all the raw list mbox files
- (this is not a per-list configuration).
-
- - Expanded header filter rules under Privacy -> Spam Filters. Now you can
- specify regular expression matches against any header, with specific
- actions tied to those matches.
-
- - Rework the SMTP error handling in SMTPDirect.py to avoid scoring bounces
- for all recipients when a permanent error code is returned by the mail
- server (e.g. because of content restrictions).
-
- - Promoted SYNC_AFTER_WRITE to a Default.py/mm_cfg.py variable and
- make it control syncing on the config.pck file. Also, we always flush
- and sync message files.
-
- - Reduce archive bloat by not storing the HTML body of Article objects in
- the Pipermail database. A new script bin/rb-archfix was added to clean
- up older archives.
-
- - Proper RFC quoting for List-ID descriptions.
-
- - PKGDIR can be passed to the make command in order to specify a different
- directory to unpack the distutils packages in misc. (SF bug 784700).
-
- - Improved logging of the origin of subscription requests.
-
- - Bugs and patches: 832748 (unsubscribe_policy ignored for unsub button on
- member login page), 846681 (bounce disabled cookie was always out of
- date), 835870 (check VIRTUAL_HOST_OVERVIEW on through the web list
- creation), 835036 (global address change when the new address is already
- a member of one of the lists), 833384 (incorrect admin password on a
- hold message confirmation attachment would discard the message), 835012
- (fix permission on empty archive index), 816410 (confirmation page
- consistency), 834486 (catch empty charsets in the scrubber), 777444 (set
- the process's supplemental groups if possible), 860135 (ignore
- DiscardMessage exceptions during digest scrubbing), 828811 (reduce
- process size for list and admin overviews), 864674/864676 (problems
- accessing private archives and rosters with admin password), 865661
- (Tokio Kikuchi's i18n patches), 862906 (unicode prefix leak in admindb),
- 841445 (setting new_member_options via config_list), n/a (fixed email
- command 'set delivery')
-
-2.1.3 (28-Sep-2003)
-
- Performance, Reliability, Security
-
- - Closed a cross-site scripting exploit in the create cgi script.
-
- - Improvements in the performance of the bounce processor.
- Now, instead of processing each bounce immediately (which
- can cause severe lock contention), bounce events are queued.
- Every 15 minutes by default, the queued bounce events are
- processed en masse, on a list-per-list basis, so that each
- list only needs to be locked once.
-
- - When some or all of a message's recipients have temporary
- delivery failures, the message is moved to a "retry" queue.
- This queue wakes up occasionally and moves the file back to
- the outgoing queue for attempted redelivery. This should
- fix most observed OutgoingRunner 100% cpu consumption,
- especially for bounces to local recipients when using the
- Postfix MTA.
-
- - Optional support for fsync()'ing qfile data after writing.
- Under some catastrophic system failures (e.g. power lose),
- it would be possible to lose messages because the data
- wasn't sync'd to disk. By setting SYNC_AFTER_WRITE to True
- in Mailman/Queue/Switchboard.py, you can force Mailman to
- fsync() queue files after flushing them. The benefits are
- debatable for most operating environments, and you must
- ensure that your Python has the os.fsync() function defined
- before enabling this feature (it isn't, even on all
- Unix-like operating systems).
-
- Internationalization
-
- - New languages Ukrainian, Serbian, Danish, Euskara/Basque.
-
- - Fixes to template lookup. Lists with local overriding
- templates would find the wrong template.
-
- - .mo files (for internationalization) are now generated at
- build time instead of coming as part of the source
- distribution.
-
- Documentation
-
- - A first draft of member documentation by Terri Oda. There
- is also a Japanese translation of this manual by Ikeda Soji.
-
- Archiver / Pipermail
-
- - In the configuration variables PUBLIC_EXTERNAL_ARCHIVER, and
- PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been added to
- the list of allowable substitution variables.
-
- - The timezone is now taken into account when figuring the
- posting date for an article.
-
- Scripts / Cron
-
- - Fixes to cron/disabled for NotAMemberError crashes.
-
- - New script bin/show_qfiles which prints the contents of .pck
- message files. New script bin/discard which can be used to
- mass discard held messages.
-
- - Fixes to cron/mailpasswds to account for old password-less
- subscriptions.
-
- - bin/list_members has grown two new options: --invalid/-i
- prints only the addresses in the member database that are
- invalid (which could have snuck in via old releases);
- --unicode/-u prints addresses which are stored as Unicode
- objects instead of as normal strings.
-
- Miscellaneous
-
- - Fixes to problems in some configurations where Python wouldn't
- be able to find its standard library.
-
- - Fixes to the digest which could cause MIME-losing missing
- newlines when parts are scrubbed via the content filters.
-
- - In the News/Mail gateway admin page, the configuration variable
- nntp_host can now be a name:port pair.
-
- - When messages are pulled from NNTP, the member moderation checks
- are short-circuited.
-
- - email 2.5.4 is included. This fixes an RFC 2231 bug, among
- possibly others.
-
- - Fixed some extra spaces that could appear in the List-ID header.
-
- - Fixes to ensure that invalid email addresses can't be invited.
-
- - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should now work.
-
- - Fixes so that shunted message file names actually match
- those logged in log/errors.
-
- - An improved pending action cookie generation algorithm has
- been added.
-
- - Fixes to the DSN bounce detector.
-
- - The usual additional u/i, internationalization, unicode, and
- other miscellaneous fixes.
-
-2.1.2 (22-Apr-2003)
-
- - New languages Portuguese (Portugal) and Polish.
-
- - Many convenient constants have been added to the Defaults.py
- module to (hopefully) make it more readable.
-
- - Email addresses which contain 8-bit characters in them are now
- rejected and won't be subscribed. This is not the same as 8-bit
- characters in the realname, which is still allowed.
-
- - The X-Originating-Email header is removed for anonymous lists.
- Hotmail apparently adds this header.
-
- - When running make to build Mailman, you can specify $DESTDIR to
- the install target to specify an alternative location for
- installation, without influencing the paths stored in
- e.g. Defaults.py. This is useful to package managers.
-
- - New Defaults.py variable DELIVERY_RETRY_WAIT which controls how
- long the outgoing qrunner will wait before it retries a
- tempfailure delivery.
-
- - The semantics for the extend.py hook to MailList objects has
- changed slightly. The hook is now called before attempting to
- lock and load the database.
-
- - Mailman now uses the email package version 2.5.1
-
- - bin/transcheck now checks for double-%'s
-
- - bin/genaliases grew a -q / --quiet flag
-
- - cron/checkdbs grew a -h / --help option.
-
- - The -c / --change-msg option has been removed from bin/add_members
-
- - bin/msgfmt.py has been added, taken from Python 2.3's Tools/i18n
- directory. The various .mo files are now no longer distributed
- with Mailman. They are generated at build time instead.
-
- - A new file misc/sitelist.cfg which can be used with
- bin/config_list provides a small number of recommended settings
- for your site list. Be sure to read it over before applying!
- sitelist.cfg is installed into the data directory.
-
- - Many bug fixes, including these SourceForge bugs closed and
- patches applied: 677668, 690448, 700538, 700537, 673294, 683906,
- 671294, 522080, 521124, 534297, 699900, 697321, 695526, 703941,
- 658261, 710678, 707608, 671303, 717096, 694912, 707624, 716755,
- 661138, 716754, 716702, 667167, 725369, 726415
-
-
-2.1.1 (08-Feb-2003)
-
- Lots of bug fixes and language updates. Also:
-
- - Closed a cross-site scripting vulnerability in the user options page.
-
- - Restore the ability to control which headers show up in messages
- included in plaintext and MIME digests. See the variables
- PLAIN_DIGEST_KEEP_HEADERS and MIME_DIGEST_KEEP_HEADERS in
- Defaults.py.
-
- - Messages included in the plaintext digests are now sent through
- the scrubber to remove (and archive) attachments. Otherwise,
- attachments would screw up plaintext digests. MIME digests
- include the attachments inline.
-
-2.1 final (30-Dec-2002)
-
- Last minute bug fixes and language updates.
-
-2.1 rc 1 (24-Dec-2002)
-
- Bug fixes and language updates. Also,
-
- - Lithuanian support has been added.
-
- - bin/remove_members grew --nouserack and --noadminack switches
-
- - configure now honors --srcdir
-
-2.1 beta 6 (09-Dec-2002)
-
- Lots and lots of bug fixes, and translation updates. Also,
-
- - ARCHIVER_OBSCURES_EMAILADDRS is now set to true by default.
-
- - QRUNNER_SAVE_BAD_MESSAGES is now set to true by default.
-
- - Bounce messages which were recognized, but in which no member
- addresses were found are no longer forwarded to the list
- administrator.
-
- - bin/arch grew a --wipe option which first removes the entire old
- archive before regenerating the new one.
-
- - bin/mailmanctl -u now prints a warning that permission problems
- could appear, such as when trying to delete a list through the
- web that has some archives in it.
-
- - bin/remove_members grew --nouserack/-n and -noadminack/-N options.
-
- - A new script bin/list_owners has been added for printing out
- list owners and moderators.
-
- - Dates in the web version of archived messages are now relative
- to the local timezone, and include the timezone names, when
- available.
-
-2.1 beta 5 (19-Nov-2002)
-
- As is typical for a late beta release, this one includes the usual
- bug fixes, tweaks, and massive new features (just kidding).
-
- IMPORTANT: If you are using Pipermail, and you have any archives
- that were created or added to in 2.1b4, you will need to run
- bin/b4b5-archfix, followed by bin/check_perms to fix some serious
- performance problems. From you install directory, run
- "bin/b4b5-archfix --help" for details.
-
- - The personalization options have been tweaked to provide more
- control over mail header and decoration personalizations. In
- 2.1b4, when personalization was enabled, the To and Cc headers
- were always overwritten. But that's usually not appropriate for
- anything but announce lists, so now these headers aren't changed
- unless "Full personalization" is enabled.
-
- - You now need to go to the General category to enable emergency
- moderation.
-
- - The order of the hold modules in the GLOBAL_PIPELINE has
- changed, again. Now Moderate comes before Hold.
-
- - Estonian language support has been added.
-
- - All posted messages should now get decorated with headers and
- footers in a MIME-safe way. Previously, some MIME type messages
- didn't get decorated at all.
-
- - bin/arch grew a -q/--quiet option
-
- - bin/list_lists grew a -b/--bare option
-
-2.1 beta 4 (26-Oct-2002)
-
- The usual assortment of bug fixes and language updates, some u/i
- tweaks, as well as the following:
-
- - Configuring / building / installing
- o Tightened up some configure checks; it will now bark loudly
- if you don't have the Python distutils package available
- (some Linux distros only include distutils in their "devel"
- packages).
-
- o Mailman's username/group security assertions are now done by
- symbolic name instead of numeric id. This provides a level
- of indirection that makes it much easier to move or package
- Mailman. --with-mail-gid and --with-cgi-gid are retained,
- but they control the group names used instead.
-
- - Command line scripts
- o A new script, bin/transcheck that language teams can use to
- check their .po files.
-
- o bin/list_members grew a --fullnames/-f option to print the
- full names along with the addresses.
-
- o cron/senddigests grew --help/-h and --listname/-l options.
-
- o bin/fix_url.py grew some command line options to support moving
- a list to a specific virtual domain.
-
- - Pipermail / archiving
- o Reworked the directory layout for archive attachments to be
- less susceptible to inode overload. Attachments are now
- placed in
-
- archives/private/<listname>/attachments/<YYYYMMDD>/<msgidhash>
-
- o Internationalization support in the archiver has been improved.
-
- - Internationalization
- o New languages: Swedish.
-
- - Mail handling
- o Content filtering now has a pass_mime_type variable, which
- is a whitelist of MIME types to allow in postings. See the
- details of the variable in the Content Filtering category
- for more information.
-
- o If a member has enabled their DontReceiveDuplicates option,
- we'll also strip their addresses from the Cc headers in the
- copy of the message sent to the list. This helps keep the
- Cc lines from growing astronomically.
-
- o Bounce messages are now forwarded to the list administrators
- both if they are unrecognized, and if no list member's
- address could be extracted.
-
- o Content filtering now has a filter_action variable which
- controls what happens when a message matches the content
- filter rules. The default is still to discard the message.
-
- o When searching for an Approve/Approved header, the first
- non-whitespace line of the body of the message is also
- checked, if the body has a MIME type of text/plain.
-
- o If a list is personalized, and the list's posting address is
- not included in a Reply-To header, the posting address is
- copied into a Cc header, otherwise there was no (easy) way a
- recipient could reply back to the list.
-
- o Added a MS Exchange bounce recognizer.
-
- o New configuration variable news_moderation which allows the
- mail->news gateway to properly post to moderated newsgroups.
-
- o Messages sent to a list's owners now comes from the site
- list to prevent mail loops when list owners or moderators
- having bouncing addresses.
-
- - Miscellaneous
- o mailanctl prevents runaway restarts by imposing a maximum
- restart value (defaulting to 10) for restarting the
- qrunners. If you hit this limit, do "mailmanctl stop"
- followed by "mailmanctl start".
-
- o The Membership Management page's search feature now includes
- searching on members real names.
-
- o The start of a manual for list administrators is given in
- Python HOWTO format (LaTeX). It's in doc/mailman-admin.tex
- but it still needs lots of fleshing out.
-
- o More protections against creating a list with an invalid name.
-
-2.1 beta 3 (09-Aug-2002)
-
- The usual assortment of bug fixes and language updates.
-
- - New languages: Dutch, Portuguese (Brazil)
-
- - New configure script options: --with-mailhost, --with-urlhost,
- --without-permcheck. See ./configure --help for details.
-
- - The encoding of Subject: prefixes is controlled by a new list
- option encode_ascii_prefixes. This is useful for languages with
- character sets other than us-ascii. See the Languages admin
- page for details.
-
- - A new list option news_prefix_subject_too controls whether
- postings gated from mail to news should have the subject prefix
- added to their Subject: header.
-
- - The algorithm for upgrading the moderation controls for a
- Mailman 2.0.x list has changed. The change should be
- transparent, but you'll want to double check the moderation
- controls after upgrading from MM2.0.x. This should have no
- effect for upgrades from a previous MM2.1 beta.
-
- See the UPGRADING file for details.
-
- - On the Mass Subscribe admin page, a text box has been added so
- that the admin can add a custom message to be prepended to the
- welcome/invite notification.
-
- - On the admindb page, a link is included to more easily reload
- the page.
-
- - The Sendmail.py delivery module is sabotaged so that it can't be
- used naively. You need to read the comments in the file and
- edit the code to use this unsafe module.
-
- - When a member sends a `help' command to the request address,
- the url to their options page is included in the response.
-
- - Autoresponses, -request command responses, and posting hold
- notifications are inhibited for any message that has a
- Precedence: {bulk|list|junk} header. This is to avoid mail
- loops between email 'bots. If the original message has an
- X-Ack: yes header, the response is sent.
-
- Responses are also limited to a maximum number per day, as
- defined in the site variable MAX_AUTORESPONSES_PER_DAY. This is
- another guard against 'bot loops, and it defaults to 10.
-
- - When a Reply-To: header is munged to include both the original
- and the list address, the list address is always added last.
-
- - The cron/mailpasswds script has grown a -l/--listname option.
-
- - The cron/disabled script has grown options to send out
- notifications for reasons other than bounce-disabled. It has
- also grown a -f/--force option. See cron/disabled --help for
- details.
-
- - The bin/dumpdb script has grown a -n/--noprint option.
-
- - An experimental new mechanism for processing incoming messages
- has been added. If you can configure your MTA to do qmail-style
- Maildir delivery, Mailman now has a MaildirRunner qrunner. This
- may turn out to be much more efficient and scalable, but for
- MM2.1, it will not be officially supported. See Defaults.py.in
- and Mailman/Queue/MaildirRunner.py for details.
-
-2.1 beta 2 (05-May-2002)
-
- Lots of bug fixing, and the following new features and changes:
-
- - A "de-mime" content filter feature has been added. This
- oft-requested feature allows you to specify MIME types that
- Mailman should strip off of any messages before they're posted
- to the list. You can also optionally convert text/html to
- text/plain (by default, through lynx if it's available).
-
- - Changes to the way the RFC 2919 and 2369 headers (i.e. the
- List-*: headers) are added:
- o List-Id: is always added
- o List-Post:, List-Help:, List-Subscribe:,
- List-Unsubscribe:, and List-Archive: are only added to
- posting messages.
- o X-List-Administrivia: is only added to messages Mailman
- creates and sends out of its own accord.
-
- Also, if the site administrator allows it, list owners can
- suppress the addition of all the List-*: headers. List owners
- can also separately suppress the List-Post: header for
- announce-only lists.
-
- - A new framework for email commands has been added. This allows
- you to easily add, delete, or change the email commands that
- Mailman understands, on a per-site, per-list, or even per-user
- basis.
-
- - Users can now change their digest delivery type from MIME to
- plain text globally, for all lists they are subscribed to.
-
- - No language select pulldowns are shown if the list only supports
- one language.
-
- - More mylist-admin eradication.
-
- - Several performance improvements in the bounce qrunner, one of
- which is to make it run only once per minute instead of once per
- second.
-
- - Korean language support as been added.
-
- - Gatewaying from news -> mail uses its connections to the nntpd
- more efficiently.
-
- - In bin/add_members, -n/--non-digest-members-file command line
- switch is deprecated in favor of -r/--regular-members-file.
-
- - bin/sync_members grew a -g/--goodbye-msg switch.
-
-2.1 beta 1 (16-Mar-2002)
-
- In addition to the usual bug fixes, performance improvements, and
- GUI changes, here are the highlights:
-
- - MIME and other message handling
- o More robustness against badly MIME encapsulated messages: if
- a MessageParseError is raised during the initial parse, the
- message can either be discarded or saved in qfiles/bad,
- depending on the value of the new configuration variable
- QRUNNER_SAVE_BAD_MESSAGES.
-
- o There is a new per-user option that can be used to avoid
- receipt of extra copies, when a member of the list is also
- explicitly CC'd.
-
- o Always add an RFC 2822 Date: header if missing, since not
- all MTAs insert one automatically.
-
- o The Sender: and Errors-To: headers are no longer added to
- outgoing messages.
-
- o Headers and footers are always added by concatenation, if
- the message is not MIME and if the list's charset is a
- superset of us-ascii.
-
- - List administration
- o An `invitation' feature has been added. This is selectable
- as a radio button on the mass subscribe page. When
- selected, users are invited to join instead of immediately
- joined, i.e. they get a confirmation message.
-
- o You can now enable and disable list owner notifications for
- disabled-due-to-bouncing and removal-due-to-bouncing
- actions. The site config variables
- DEFAULT_BOUNCE_NOTIFY_OWNER_ON_DISABLE and
- DEFAULT_BOUNCE_NOTIFY_OWNER_ON_REMOVAL control the default
- behavior.
-
- o List owners can now decide whether they receive unrecognized
- bounce messages or not (i.e. messages that the bounce
- processor doesn't recognize). Site admins can set the
- default value for this flag with the config variable
- DEFAULT_BOUNCE_UNRECOGNIZED_GOES_TO_LIST_OWNER.
-
- o The admindb summary page gives the option of clearing the
- moderation flag of members who are on quarantined.
-
- o The action to take when a moderated member posts to a list
- is now configurable. The message can either be held,
- rejected (bounced), or discarded. If the message is
- rejected, a rejection notice string can be given.
-
- o In the General admin page, you can now set the default value
- for five per-user flags: concealing the user's email
- address, acknowledging posts sent by the user, copy
- suppression, not-me-too selection, and the default digest
- type. Site admins can set the default bit field with the
- new DEFAULT_NEW_MEMBER_OPTIONS variable.
-
- o A new "Emergency brake" feature for turning on moderation of
- all list postings. This is useful for when flamewars break
- out, and the list needs a cooling off period. Messages
- containing an Approved: header with the list owner password
- are still allowed through, as are messages approved through
- the admindb interface.
-
- o When a moderated message is approved for the list, add an
- X-Mailman-Approved-At: header which contains the timestamp
- of the approval action (changed from X-Moderated: with a
- different format).
-
- o Lists can now be converted to using a less error prone
- mechanism for variable substitution syntax in headers and
- footers. Instead of %(var)s strings, you'd use $var
- strings. You must use "bin/withlist -r convert" to enable
- this.
-
- o When moderating held messages, the header text box and the
- message excerpt text box are now both read-only.
-
- o You can't delete the site list through the web.
-
- o When creating new lists through the web, you have the option
- of setting the "default member moderation" flag.
-
- - Security and privacy
- o New feature: banned subscription addresses. Privacy
- options/subscription rules now have an additional list box
- which can contain addresses or regular expressions.
- Subscription requests from any matching address are
- automatically rejected.
-
- o Membership tests which compare message headers against list
- rosters are now more robust. They now check, by default
- these header in order: From:, unixfrom, Reply-To:, Sender:.
- If any match, then the membership test succeeds.
-
- o ALLOW_SITE_ADMIN_COOKIES is a new configuration variable
- which says whether to allow AuthSiteAdmin cookies or not.
- Normally, when a list administrator logs into a list with
- the site password, they are issued a cookie that only allows
- them to do administration for this one list. By setting
- ALLOW_SITE_ADMIN_COOKIES to 1, the user only needs to
- authenticate to one list with the site password, and they
- can administer any mailing list.
-
- I'm not sure this feature is wise, so the default value for
- ALLOW_SITE_ADMIN_COOKIES is 0.
-
- o Marc MERLIN's new recipes for secure Linuxes have been
- updated.
-
- o DEFAULT_PRIVATE_ROSTER now defaults to 1.
-
- o Passwords are no longer included in the confirmation pages.
-
- - Internationalization
- o With the approval of Tamito KAJIYAMA, the Japanese codecs
- for Python are now included automatically, so you don't need
- to download and install these separate. It is installed in
- a Mailman-specific place so it won't affect your larger
- Python installation.
-
- o The configure script will produce a warning if the Chinese
- codes are not installed. This is not a fatal error.
-
- o Russian templates and catalogs have been added.
-
- o Finnish templates and catalogs have been added.
-
- - Scripts and utilities
- o New program bin/unshunt to safely move shunted messages back
- into the appropriate processing queue.
-
- o New program bin/inject for sending a plaintext message into
- the incoming queue from the command line.
-
- o New cron script cron/disabled for periodically culling the
- disabled membership.
-
- o bin/list_members has grown some new command line switches
- for filtering on different criteria (digest mode, disable
- mode, etc.)
-
- o bin/remove_members has grown the --fromall switch.
-
- o You can now do a bin/rmlist -a to remove an archive even
- after the list has been deleted.
-
- o bin/update removes the $prefix/Mailman/pythonlib directory.
-
- o bin/withlist grows a --all/-a flag so the --run/-r option
- can be applied to all the mailing lists. Also, interactive
- mode is now the default if -r isn't used. You don't need to
- run this script as "python -i bin/withlist" anymore.
-
- o There is a new script contrib/majordomo2mailman.pl which
- should ease the transition from Majordomo to Mailman.
-
- - MTA integration
- o Postfix integration has been made much more robust, but now
- you have to set POSTFIX_ALIAS_CMD and POSTFIX_MAP_CMD to
- point to the postalias and postmap commands respectively.
-
- o VERP-ish delivery has been made much more efficient by
- eliminating extra disk copies of messages for each recipient
- of a VERP delivery. It has also been made more robust in
- the face of failures during chunk delivery. This required a
- rewrite of SMTPDirect.py and one casualty of that rewrite
- was the experimental threaded delivery. It is no longer
- supported (but /might/ be resurrected if there's enough
- demand -- or a contributed patch :).
-
- o A new site config variable SMTP_MAX_SESSIONS_PER_CONNECTION
- specifies how many consecutive SMTP sessions will be
- conducted down the same socket connection. Some MTAs have a
- limit on this.
-
- o Support for VERP-ing confirmation messages. These are less
- error prone since the Subject: header doesn't need to be
- retained, and they allow a more user friendly (and i18n'd)
- Subject: header. VERP_CONFIRM_FORMAT, VERP_CONFIRM_REGEXP,
- and VERP_CONFIRMATIONS control this feature (only supported
- for invitation confirmations currently, but will be expanded
- to the other confirmations).
-
- o Several new list-centric addresses have been added:
- -subscribe and -unsubscribe are synonyms for -join and
- -leave, respectively. Also -confirm has been added to
- support VERP'd confirmations.
-
- - Archiver
- o There's now a default page for the Pipermail archive link
- for when no messages have yet been posted to the list.
-
- o Just the mere presence of an X-No-Archive: is enough to
- inhibit archiving for this message; the value of the header
- is now ignored.
-
- - Configuring, building, installing
- o Mailman now has a new favicon, donated by Terry Oda. Not
- all web pages are linked to the favicon yet though.
-
- o The add-on email package is now distributed and installed
- automatically, so you don't need to do this. It is
- installed in a Mailman-specific place so it won't affect
- your larger Python installation.
-
- o The default value of VERP_REGEXP has changed.
-
- o New site configuration variables BADQUEUE_DIR and
- QRUNNER_SAVE_BAD_MESSAGES which describe where to save
- messages which are not properly MIME encoded.
-
- o configure should be more POSIX-ly conformant.
-
- o The Mailman/pythonlib directory has been removed, but a new
- $prefix/pythonlib directory has been added.
-
- o Regression tests are now installed.
-
- o The second argument to add_virtual() calls in mm_cfg.py are
- now optional.
-
- o DEFAULT_FIRST_STRIP_REPLY_TO now defaults to 0.
-
- o Site administrators can edit the Mailman/Site.py file to
- customize some filesystem layout policies.
-
-
-2.1 alpha 4 (31-Dec-2001)
-
- - The administrative requests database page (admindb) has been
- redesigned for better usability when there are lots of held
- postings. Changes include:
- o A summary page which groups held messages by sender email
- address. On this page you can dispose of all the sender's
- messages in one action. You can also view the details of
- all the sender's messages, or the details of a single
- message. You can also add the sender to one of the list's
- sender filters.
-
- o A details page where you can view all messages, just those
- for a particular sender, or just a single held message.
- This details page is laid out the same as the old admindb
- page.
-
- o The instructions have been shorted on the summary and
- details page, with links to more detailed explanations.
-
- - Bounce processing
- o Mailman now keeps track of the reason a member's delivery
- has been disabled: explicitly by the administrator,
- explicitly by the user, by the system due to excessive
- bounces, or for (legacy) unknown reasons.
-
- o A new bounce processing algorithm has been implemented (we
- might actually understand this one ;). When an address
- starts bouncing, the member gets a "bounce score". Hard
- (fatal) bounces score 1.0, while soft (transient) bounces
- score 0.5.
-
- List administrators can specify a bounce threshold above
- which a member gets disabled. They can also specify a time
- interval after which, if no bounces are received from the
- member, the member's bounce score is considered stale and is
- thrown away.
-
- o A new cron script, cron/disabled, periodically sends
- notifications to members who are bounce disabled. After a
- certain number of warnings the member is deleted from the
- list. List administrators can control both the number of
- notifications and the amount of time between notifications.
-
- Notifications include a confirmation cookie that the member
- can use to re-enable their subscription, via email or web.
-
- o New configuration variables to support the bounce processing
- are DEFAULT_BOUNCE_SCORE_THRESHOLD,
- DEFAULT_BOUNCE_INFO_STALE_AFTER,
- DEFAULT_BOUNCE_YOU_ARE_DISABLED_WARNINGS,
- DEFAULT_BOUNCE_YOU_ARE_DISABLED_WARNINGS_INTERVAL.
-
- - Privacy and security
- o Sender filters can now be regular expressions. If a line
- starts with ^ it is taken as a (raw string) regular
- expression, otherwise it is a literal email address.
-
- o Fixes in 2.0.8 ported forward: prevent cross-site scripting
- exploits.
-
- - Mail delivery
- o Aliases have all been changed so that there's more
- consistency between the alias a message gets delivered to,
- and the script & queue runner that handles the message.
-
- I've also renamed the mail wrapper script to `mailman' from
- `wrapper' to avoid collisions with other MLM's. You /will/
- need to regenerate your alias files with bin/genaliases, and
- you may need to update your smrsh (Sendmail) configs.a
-
- Bounces always go to listname-bounces now, since
- administration has been separated from bounce processing.
- listname-admin is obsolete.
-
- o VERP support! This greatly improves the accuracy of bounce
- detection. Configuration variables which control this feature
- include VERP_DELIVERY_INTERVAL, VERP_PERSONALIZED_DELIVERIES,
- VERP_PASSWORD_REMINDERS, VERP_REGEXP, and VERP_FORMAT. The
- latter two must be tuned to your MTA.
-
- o A new alias mailman-loop@dom.ain is added which directs all
- output to the file $prefix/data/owner-bounces.mbox. This is
- used when sending messages to the site list owners, as the
- final fallback for bouncing messages.
-
- o New configuration variable POSTFIX_STYLE_VIRTUAL_DOMAINS
- which should be set if you are using the Postfix MTA and
- want Mailman to play nice with Postfix-style virtual
- domains.
-
- - Miscellaneous
- o Better interoperability with Python 2.2.
-
- o MailList objects now record the date (in seconds since
- epoch) that they were created. This is in a hidden
- attribute `created_at'.
-
- o bin/qrunner grows a -s/--subproc switch which is usually
- used only when it's started from mailmanctl.
-
- o bin/newlist grows a -l/--language option so that the list's
- preferred language can be set from the command line.
-
- o cron changes: admin reminders go out at 8am local time instead
- of 10pm local time.
-
- - Pipermail archiver
- o MIME attachments are scrubbed out into separate files which
- can be viewed by following a link in the original article.
- Article contains an indication of the size of the
- attachment, its type, and other useful information.
-
- o New script bin/cleanarch which can be used to `clean' an
- .mbox archive file by fixing unescaped embedded Unix From_
- lines.
-
- o New configuration variable ARCHIVE_SCRUBBER in
- Defaults.py.in which names the module that Pipermail should
- use to scrub articles of MIME attachments.
-
- o New configuration variable ARCHIVE_HTML_SANITIZER which
- describes how the scrubber should handle text/html
- attachments.
-
- o PUBLIC_ARCHIVE_URL has change its semantics. It is now an
- absolute url, with the hostname and listname parts
- interpolated into it on a per-list basis.
-
- o Pipermail should now provide the proper character set in the
- Content-Type: header for archived articles.
-
- - Internationalization
- o Czech translations by Dan Ohnesorg.
-
- o The Hungarian charset has be fixed to be iso-8859-2.
-
- o The member options login page now has a language selection
- widget.
-
- - Building, configuration
- o email-0.96 package is required (see the misc directory).
-
- o New recipes for integrating Mailman and Sendmail,
- contributed by David Champion.
-
-
-2.1 alpha 3 (22-Oct-2001)
-
- - Realname support
- o Mailman now tracks a member's Real Name in addition to their
- email address.
-
- o List members can now supply their Real Names when
- subscribing via the web. Their Real Names are parsed from
- any thru-email subscriptions.
-
- o Members can change their Real Names on their options page,
- and admins can change members' Real Names on the membership
- pages. Mass subscribing accepts "email@dom.ain (Real Name)"
- and "Real Name <email@dom.ain>" entries, for both
- in-text-box and file-upload mass subscriptions.
-
- - Filtering and Privacy
- o Reply-To: munging has been enhanced to allow a wider range
- of list policies. You can now pre-strip any Reply-To:
- headers before adding list-specific ones (i.e. you can
- override or extend existing Reply-To: headers). If
- stripping, the old headers are no longer saved on
- X-Reply-To:
-
- o New sender moderation rules. The old `posters',
- `member_only_posting', `moderated' and `forbidden_posters'
- options have been removed in favor of a new moderation
- scheme. Each member has a personal moderation bit, and
- non-member postings can be automatically accepted, held for
- approval, rejected (bounced) or discarded.
-
- o When membership rosters are private, responses to
- subscription (and other) requests are made more generic so
- that these processes can't be covertly mined for hidden
- addresses. If a subscription request comes in for a user
- who is already subscribed, the user is notified of potential
- membership mining.
-
- o When a held message is approved via the admindb page, an
- X-Moderated: header is added to the message.
-
- o List admins can now set an unsubscribe policy which requires
- them to approve of member unsubscriptions.
-
- - Web U/I
- o All web confirmations now require a two-click procedure,
- where the first click gives them a page that allows them to
- confirm or cancel their subscription. It is bad form for an
- email click (HTTP GET) to have side effects.
-
- o Lots of improvements for clarity.
-
- o The Privacy category has grown three subcategories.
-
- o The General options page as a number of subsection headers.
-
- o The Passwords and Languages categories are now on separate
- admin pages.
-
- o The admin subcategories are now formated as two columns in
- the top and bottom legends.
-
- o When creating a list through the web, you can now specify
- the initial list of supported languages.
-
- o The U/I for unsubscribing a member on the admin's membership
- page should be more intuitive now.
-
- o There is now a separate configuration option for whether the
- goodbye_msg is sent when a member is unsubscribed.
-
- - Performance
- o misc/mailman is a Unix init script, appropriate for
- /etc/init.d, and containing chkconfig hooks for systems that
- support it.
-
- o bin/mailmanctl has been rewritten; the `restart' command
- actually works now. It now also accepts -s, -q, and -u
- options.
-
- o bin/qrunner has been rewritten too; it can serve the role of
- the old cron/qrunner script for those who want classic
- cron-invoked mail delivery.
-
- o Internally, messages are now stored in the qfiles directory
- primarily as pickles. List configuration databases are now
- stored as pickles too (i.e. config.pck). bin/dumpdb knows
- how to display both pickles and marshals.
-
- - Mail delivery
- o If a user's message is held for approval, they are sent a
- notification message containing a confirmation cookie. They
- can use this confirmation cookie to cancel their own
- postings (if they haven't already been approved).
-
- o When held messages are forwarded to an explicit address
- using the admindb page, it is done so in a message/rfc822
- encapsulation.
-
- o When a message is first held for approval, the notification
- sent to the list admin is a 3-part multipart/mixed. The
- first part holds the notification message, the second part
- hold the original message, and the third part hold a cookie
- confirmation message, to which the admin can respond to
- approve or discard the message via email.
-
- o In the mail->news gateway, you can define mail headers that
- must be modified or deleted before the message can be posted
- to the nntp server.
-
- o The list admin can send an immediate urgent message to the
- entire list membership, bypassing digest delivery. This is
- done by adding an Urgent: header with the list password.
- Urgent messages with an invalid password are rejected.
-
- o Lists can now optionally personalize email messages, if the
- site admin allows it. Personalized messages mean that the
- To: header includes the recipient's address instead of the
- list's address, and header and footer messages can contain
- user-specific information. Note that only regular
- deliveries can currently be personalized.
-
- o Message that come from Usenet but that have broken MIME
- boundaries are ignored.
-
- o If the site administrator agrees, list owners have the
- ability to disable RFC 2369 List-* headers.
-
- o There is now an API for an external process to post a
- message to a list. This posting process can also specify an
- explicit list of recipients, in effect turning the mailing
- list into a "virtual list" with a fluid membership. See
- Mailman/Post.py for details.
-
- - Building/testing/configuration
- o mimelib is no longer required, but you must install the
- email package (see the tarball in the misc directory).
-
- o An (as yet) incomplete test suite has been added. Don't try
- running it in a production environment!
-
- o Better virtual host support by adding a mapping from the
- host name given in cgi's HTTP_HOST/SERVER_NAME variable to
- the email host used in list addresses. (E.g. www.python.org
- maps to @python.org).
-
- o Specifying urls to external public archivers is more
- flexible.
-
- o The filters/ subdirectory has been removed.
-
- o There is now a `site list' which is a mailing list that must
- be created first, and from which all password reminders
- appear to come from. It is recommended that this list be
- called "mailman@your.site".
-
- o bin/move_list is no longer necessary (see the FAQ for
- detailed instructions on renaming a list).
-
- o A new script bin/fix_url.py can be used with bin/withlist to
- change a list's web_page_url configuration variable (since
- it is no longer modifiable through the web).
-
- - Internationalization
- o Support for German, Hungarian, Italian, Japanese, and
- Norwegian have been added.
-
- - Miscellaneous
- o Lots of new bounce detectors. Bounce detectors can now
- discard temporary bounce messages by returning a special
- Stop value.
-
- o bin/withlist now sports a -q/--quiet flag.
-
- o bin/add_members has a new -a/--admin-notify flag which can
- be used to inhibit list owner notification for each
- subscription.
-
- - Membership Adaptors
- o Internally, mailing list memberships are accessed through a
- MemberAdaptor interface. This would allow for integrating
- membership databases with external sources (e.g. Zope or
- LDAP), although the only MemberAdaptor currently implemented
- is a "classic" adaptor which stores the membership
- information on the MailList object.
-
- o There's a new pipeline handler module called FileRecips.py
- which could be used to get all regular delivery mailing list
- recipients from a Sendmail-style :include: file (see List
- Extensibility bullet below).
-
- This work was sponsored by Control.com
-
- - List Extensibility
- o A framework has been added which can be used to specialize
- and extend specific mailing lists. If there is a file
- called lists/<yourlist>/extend.py, it is execfile()'d after
- the MailList object is instantiated. The file should
- contain a function extend() which will be called with the
- MailList instance. This function can do all sorts of deep
- things, like modify the handler pipeline just for this list,
- or even strip out particular admin GUI elements (see below).
-
- o All the admin page GUI elements are now separate
- components. This provides greater flexibility for list
- customization. Also, each GUI element will be given an
- opportunity to handle admin CGI form data.
-
- This work was sponsored by Control.com
-
- - Topic Filters
- o A new feature has been added called "Topic Filters". A list
- administrator can create topics, which are essentially
- regular expression matches against Subject: and Keyword:
- headers (including such pseudo-headers if they appear in the
- first few lines of the body of a message).
-
- List members can then `subscribe' to various topics, which
- allows them to filter out any messages that don't match a
- topic, or to filter out any message that does match a
- topic. This can be useful for high volume lists where not
- everyone will be interested in every message.
-
- This work was sponsored by Control.com
-
-2.1 alpha 2 (11-Jul-2001)
-
- - Building
- o mimelib 0.4 is now required. Get it from
- http://mimelib.sf.net. If you've installed an earlier
- version of mimelib, you must upgrade.
-
- o /usr/local/mailman is now the default installation
- directory. Use configure's --prefix switch to change it
- back to the default (/home/mailman) or any other
- installation directory of your choice.
-
- - Security
- o Better definition of authentication domains. The following
- roles have been defined: user, list-admin, list-moderator,
- creator, site-admin.
-
- o There is now a separate role of "list moderator", which has
- access to the pending requests (admindb) page, but not the
- list configuration pages.
-
- o Subscription confirmations can now be performed via email or
- via URL. When a subscription is received, a unique (sha)
- confirm URL is generated in the confirmation message.
- Simply visiting this URL completes the subscription process.
-
- o In a similar manner, removal requests (via web or email
- command) no longer require the password. If the correct
- password is given, the removal is performed immediately. If
- no password is given, then a confirmation message is
- generated.
-
- - Internationalization
- o More I18N patches. The basic infrastructure should now be
- working correctly. Spanish templates and catalogs are
- included, and English, French, Hungarian, and Big5 templates
- are included.
-
- o Cascading specializations and internationalization of
- templates. Templates are now search for in the following
- order: list-specific location, domain-specific location,
- site-wide location, global defaults. Each search location
- is further qualified by the language being displayed. This
- means that you only need to change the templates that are
- different from the global defaults.
-
- Templates renamed: admlogin.txt => admlogin.html
- Templates added: private.html
-
- - Web UI
- o Redesigned the user options page. It now sits behind an
- authentication so user options cannot be viewed without the
- proper password. The other advantage is that the user's
- password need not be entered on the options page to
- unsubscribe or change option values. The login screen also
- provides for password mail-back, and unsubscription w/
- confirmation.
-
- Other new features accessible from the user options page
- include: ability to change email address (with confirmation)
- both per-list and globally for all list on virtual domain;
- global membership password changing; global mail delivery
- disable/enable; ability to suppress password reminders both
- per-list and globally; logout button.
-
- [Note: the handle_opts cgi has gone away]
-
- o Color schemes for non-template based web pages can be defined
- via mm_cfg.
-
- o Redesign of the membership management page. The page is now
- split into three subcategories (Membership List, Mass
- Subscription, and Mass Removal). The Membership List
- subcategory now supports searching for member addresses by
- regular expression, and if necessary, it groups member
- addresses first alphabetically, and then by chunks.
-
- Mass Subscription and Mass Removal now support file upload,
- with one address per line.
-
- o Hyperlinks from the logos in the footers have been removed.
- The sponsors got too much "unsubscribe me!" spam from
- desperate user of Mailman at other sites.
-
- o New buttons on the digest admin page to send a digest
- immediately (if it's non-empty), to start a new digest
- volume with the next digest, and to select the interval with
- which to automatically start a new digest volume (yearly,
- monthly, quarterly, weekly, daily).
-
- DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration
- variable, initially set to give a new digest volume monthly.
-
- o Through-the-web list creation and removal, using a separate
- site-wide authentication role called the "list creator and
- destroyer" or simply "list creator". If the configuration
- variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by
- default, it's 0), then list admins can delete their own
- lists.
-
- This feature requires an adaptor for the particular MTA
- you're using. An adaptor for Postfix is included, as is a
- dumb adaptor that just emails mailman@yoursite with the
- necessary Sendmail style /etc/alias file changes. Some MTAs
- like Exim can be configured to automatically recognize new
- lists. The adaptor is selected via the MTA option in
- mm_cfg.py
-
- - Email UI
- o In email commands, "join" is a synonym for
- "subscribe". "remove" and "leave" are synonyms for
- "unsubscribe". New robot addresses are support to make
- subscribing and unsubscribing much easier:
-
- mylist-join@mysite
- mylist-leave@mysite
-
- o Confirmation messages have a shortened Subject: header,
- containing just the word "confirm" and the confirmation
- cookie. This should help for MUAs that like to wrap long
- Subject: lines, messing up confirmation.
-
- o Mailman now recognizes an Urgent: header, which, if it
- contains the list moderator or list administrator password,
- forces the message to be delivered immediately to all
- members (i.e. both regular and digest members). The message
- is also placed in the digest. If the password is incorrect,
- the message will be bounced back to the sender.
-
- - Performance
- o Refinements to the new qrunner subsystem which preserves
- FIFO order of messages.
-
- o The qrunner is no longer started from cron. It is started
- by a Un*x init-style script called bin/mailmanctl (see
- below). cron/qrunner has been removed.
-
- - Command line scripts
- o bin/mailmanctl script added, which is used to start, stop,
- and restart the qrunner daemon.
-
- o bin/qrunner script added which allows a single sub-qrunner
- to run once through its processing loop.
-
- o bin/change_pw script added (eases mass changing of list
- passwords).
-
- o bin/update grows a -f switch to force an update.
-
- o bin/newlang renamed to bin/addlang; bin/rmlang removed.
-
- o bin/mmsitepass has grown a -c option to set the list
- creator's password. The site-wide `create' web page is
- linked to from the admin overview page.
-
- o bin/newlist's -o option is removed. This script also grows
- a way of spelling the creation of a list in a specific
- virtual domain.
-
- o The `auto' script has been removed.
-
- o bin/dumpdb has grown -m/--marshal and -p/--pickle options.
-
- o bin/list_admins can be used to print the owners of a mailing list.
-
- o bin/genaliases regenerates from scratch the aliases and
- aliases.db file for the Postfix MTA.
-
- - Archiver
- o New archiver date clobbering option, which allows dates to
- only be clobber if they are outrageously out-of-date
- (default setting is 15 days on either side of received
- timestamp). New configuration variables:
-
- ARCHIVER_CLOBBER_DATE_POLICY
- ARCHIVER_ALLOWABLE_SANE_DATE_SKEW
-
- The archived copy of messages grows an X-List-Received-Date:
- header indicating the time the message was received by
- Mailman.
-
- o PRIVATE_ARCHIVE_URL configuration variable is removed (this
- can be calculated on the fly, and removing it actually makes
- site configuration easier).
-
- - Miscellaneous
- o Several new README's have been added.
-
- o Most syslog entries for the qrunner have been redirected to
- logs/error.
-
- o On SIGHUP, qrunner will re-open all its log files and
- restart all child processes. See "bin/mailmanctl restart".
-
- - Patches and bug fixes
- o SF patches and bug fixes applied: 420396, 424389, 227694,
- 426002, 401372 (partial), 401452.
-
- o Fixes in 2.0.5 ported forward:
- Fix a lock stagnation problem that can result when the
- user hits the `stop' button on their browser during a
- write operation that can take a long time (e.g. hitting
- the membership management admin page).
-
- o Fixes in 2.0.4 ported forward:
- Python 2.1 compatibility release. There were a few
- questionable constructs and uses of deprecated modules
- that caused annoying warnings when used with Python 2.1.
- This release quiets those warnings.
-
- o Fixes in 2.0.3 ported forward:
- Bug fix release. There was a small typo in 2.0.2 in
- ListAdmin.py for approving an already subscribed member
- (thanks Thomas!). Also, an update to the OpenWall
- security workaround (contrib/securelinux_fix.py) was
- included. Thanks to Marc Merlin.
-
-2.1 alpha 1 (04-Mar-2001)
-
- - Python 2.0 or newer required. Also required is `mimelib' a new
- library for handling MIME documents. This will be bundled in
- future releases, but for now, you must download and install it
- (using Python's distutils) from
-
- http://barry.wooz.org/software/Code/mimelib-0.2.tar.gz
-
- You need mimelib 0.2 or better.
-
- - Redesigned qrunner subsystem. Now there are multiple message
- queues, and considerable flexibility in file formats for
- integration with external systems. The current crop of queues
- include:
-
- archive -- for posting messages to an archiver
- commands -- for incoming email commands and bounces
- in -- for list-destined incoming email
- news -- for messages outgoing to a nntp server
- out -- for messages outgoing to a smtp server
- shunt -- for messages that trigger unexpected exceptions in Mailman
- virgin -- for messages that are generated by Mailman
-
- cron/qrunner is now a long running script that forks off
- sub-runners for each of the above queues. qrunner still plays
- nice with cron, but it is expected to be started by init at some
- point in the future. Some support exists for parallel
- processing of messages in the queues.
-
- - Support for internationalization support merged in. Original
- work done by Juan Carlos Rey Anaya and Victoriano Giralt. I've
- tested about 90% of the web side, 50% of the email, and 50% of
- the command line / cron scripts.
-
- New scripts: bin/newlang, bin/rmlang
-
- - New delivery script `auto' for automatic integration with the
- Postfix MTA.
-
- - A bunch of new bounce detectors.
-
- Changes ported from Mailman 2.0.2 and 2.0.1:
-
- - A fix for a potential privacy exploit where a clever list
- administrator could gain access to user passwords. This doesn't
- allow them to do much more harm to the user then they normally
- could, but they still shouldn't have access to the passwords.
-
- - In the admindb page, don't complain when approving a
- subscription of someone who's already on the list (SF bug
- #222409 - Thomas Wouters).
-
- Also, quote for HTML the Subject: text printed for held
- messages, otherwise messages with e.g. "Subject: </table>" could
- royally screw page formatting.
-
- - Docstring fix bin/newlist to remove mention of "immediate"
- argument (Thomas Wouters).
-
- - Fix for bin/update when PREFIX != VAR_PREFIX (SF bug #229794 --
- Thomas Wouters).
-
- - Bug fix release, namely fixes a buglet in bin/withlist affecting
- the -l and -r flags; also a problem that can cause qrunner to
- stop processing mail after disk-full events (SourceForge bug
- 127199).
-
-2.0 final (21-Nov-2000)
-
- No changes from rc3.
-
-2.0 release candidate 3 (16-Nov-2000)
-
- - By popular demand, Reply-To: munging policy is now to always
- override any Reply-To: header in the original message, if
- reply_goes_to_list is set to "This list" or "Explicit Address"
-
- - bin/newlist given -q/--quiet flag instead of the <immediate>
- positional argument
-
- - Hopefully last fix to DEFAULT_URL not ending in a slash
- sensitivity
-
- - 2.0rc2 buglets fixed:
- o newlist argument parsing
- o updating with unlocked lists
- o HyperArch.py traceback when there's no
- Content-Transfer-Encoding: header
-
- - SourceForge bugs fixed:
- 122358 (qmail-to-mailman.py listname case folding)
-
- - SourceForge patches applied:
- 102373 (qmail-to-mailman.py listname case folding)
-
-2.0 release candidate 2 (10-Nov-2000)
-
- - Documentation updates: start at admin/www/index.html
-
- - bin/withlist accepts additional command line arguments when used
- with the --run flag; bin/mmsitepass and bin/newlist accept
- -h/--help flags
-
- - bin/newlist has a -o/--output flag to append /etc/aliases
- suggestions to a specified file
-
- - SourceForge bugs fixed:
- 116615 (README.BSD update), 117015 (duplicate messages on
- moderated posts), 117548 (exception in HyperArch.py), 117682
- (typos), 121185 (vsnprintf signature), 121591 and 122017
- (bogus link after web unsubscribe), 121811 (`subscribe' in
- Subject: doesn't get archived)
-
- - SourceForge patches applied:
- 101812 (securelinux_fix.py contrib), 102097 (fix for bug
- 117548), 102211 (additional args for withlist), 102268 (case
- insensitive Content-Transfer-Encoding:)
-
-2.0 release candidate 1 (23-Oct-2000)
-
- - Bug fixes and security patches.
-
- - Better html rendition of articles in non us-ascii charsets
- (Jeremy Hylton). See VERBATIM_ENCODING variable in
- Defaults.py.in for customization.
-
-2.0 beta 6 (22-Sep-2000)
-
- - Building
- o Tested with Python 1.5.2, Python 1.6, and Python 2.0 beta 1.
- Conducted on RH Linux 6.1 only, but should work
- cross-platform.
-
- o Configure now accepts --with-username, --with-groupname,
- --with-var-prefix flags. See `configure --help' or the
- INSTALL file for details.
-
- o Setting the CFLAGS environment variable before invoking
- configure now works.
-
- o The icons are now copied into $prefix/icons at install time.
- Patch by David Champion.
-
- - Standards
- o Compliance with RFC 2369 (List-*: headers). Patch by
- Darrell Fuhriman. List-ID: header is kept for historical
- reasons.
-
- o Fixes by Jeremy Hylton to Pipermail in support of non-ASCII
- charsets, based on the Content-Type: and encoded-words in
- the original message. Mail headers are now decoded as per
- RFC 2047.
-
- o Many more bounce formats are detected: Microsoft's SMTPSVC,
- Compuserve, GroupWise, SMTP32, and the more generic
- SimpleMatch (which catches lots of similar but slightly
- different formats).
-
- - Defaults
- o Email addresses can now be obscured in Pipermail archives by
- setting mm_cfg.ARCHIVER_OBSCURES_EMAILADDRS to 1 (obscuring
- is turned off by default). Patch provided by Chris Snell.
-
- o The default NNTP host can now be set by editing
- mm_cfg.DEFAULT_NNTP_HOST. Patch by David Champion.
-
- o The default archiving mode (public/private) can now be set
- by editing mm_cfg.DEFAULT_ARCHIVE. Patch by Ted Cabeen.
-
- - Web UI
- o The variable details pages in the administrators interface
- is now `live', i.e. there's a submit button on the details
- page.
-
- o A link to the administrative interface is placed in the
- footer of the general user pages (authentication still
- required, of course!)
-
- o The user options change results page has a link back to the
- user's main page.
-
- o In the admindb page (for dealing with held postings), the
- default forward address is now listname-owner instead of
- listname-admin. This avoids bounce detection on the
- forwarded message.
-
- - Miscellaneous
- o Fixed config.db corruption problem when disk-full errors are
- encountered.
-
- o Command line scripts accept list names case-insensitively.
-
- o bin/remove_members takes a -a flag to remove all members of
- a list in one fell swoop.
-
- o List admin passwords must be non-empty.
-
- o Mailman generated passwords are slightly more mnemonic, and
- shouldn't have confusing character selections (i.e. `i'
- only, but no `1' or `l').
-
- o Crossposting to two gated mailing lists should be fixed.
-
- o Many other bug fixes and minor web UI improvements.
-
-2.0 beta 5 (01-Aug-2000)
-
- - Bug fix release. This includes a fix for a small security hole
- which could be exploited to gain mailman group access by a local
- user (not a mail or web user).
-
- - As part of the fix for the "cookie reauthorization" bug, only
- session cookies are used now. This means that administrative
- and private archive cookies expire only when the browser session
- is quit, however an explicit "Logout" button has been added.
-
-2.0 beta 4 (06-Jul-2000)
-
- - Bug fix release.
-
-2.0 beta 3 (29-Jun-2000)
-
- - Delivery mechanism (qrunner) refined to support immediate
- queuing, queuing directly from MTA, and queuing on any error
- along the delivery pipeline. This means 1) that huge lists
- can't time out the MTA's program delivery channel; 2) it is much
- harder to completely lose messages; 3) eventually, qrunner will
- be elaborated to meter delivery to the MTA so as not to swamp
- it. The tradeoff is in more disk I/O since every message coming
- into the system (and most that are generated by the system) live
- on disk for some part of their journey through Mailman.
-
- For now, see the Default.py variables QRUNNER_PROCESS_LIFETIME
- and QRUNNER_MAX_MESSAGES for primitive resource management.
-
- The API to the pipeline handler modules has changed. See
- Mailman/Handlers/HandlerAPI.py for details.
-
- - Revamped admindb web page: held messages are split into headers
- and bodies so they are easier to vette; admins can now also
- preserve a held message (for spam evidence gathering) or forward
- the message to a specified email address; disposition of held
- messages can be deferred; held messages have a more context
- meaningful default rejection message.
-
- - Change to the semantics for `acceptable_aliases' list
- configuration variable, based on suggestions by Harald Meland.
-
- - New mm_cfg.py variables NNTP_USERNAME and NNTP_PASSWORD can be
- set on a site-wide basis if connection to your nntpd requires
- authentication.
-
- - The list attribute `num_spawns' has been removed. The mm_cfg.py
- variables MAX_SPAWNS, and DEFAULT_NUM_SPAWNS removed too.
-
- - LIST_LOCK_LIFETIME cranked to 5 hours and LIST_LOCK_TIMEOUT
- shortened to 10 seconds. QRUNNER_LOCK_LIFETIME cranked up to 10
- hours. This should decrease the changes for bogus and harmful
- lock breaking.
-
- - Resent-to: is now one of the headers checked for explicit
- destinations.
-
- - Tons more bounce formats are recognized. The API to the bounce
- modules has changed.
-
- - A rewritten LockFile module which should fix most (hopefully all)
- bugs in the locking machinery. Many improvements suggested by
- Thomas Wouters and Harald Meland.
-
- - Experimental support (disabled by default) for delivering SMTP
- chunks to the MTA via multiple threads. Your Python executable
- must have been compiled with thread support enabled, and you
- must set MAX_DELIVERY_THREADS in mm_cfg.py. Note that this may
- not improve your overall system performance.
-
- - Some changes and additions to scripts: bin/find_member now
- supports a -w/--owner flag to match regexps against mailing list
- owners; bin/find_member now supports multiple regexps;
- cron/gate_news command line option changes; new script
- bin/dumbdb for debugging purposes; bin/clone_member can now also
- remove the old address and change change the list owner
- addresses.
-
- - The News/Mail gateway admin page has a button that lets you do
- an explicit catchup of the newsgroup.
-
- - The CVS repository has been moved out to SourceForge. For more
- information, see the project summary at
-
- http://sourceforge.net/project/?group_id=103
-
- - Lots 'o bug fixes and some performance improvements.
-
-2.0 beta 2 (07-Apr-2000)
-
- - Rewritten gate_news cron script which should be more efficient
- and avoid race and locking problems. Each list now maintains
- its own watermark, and when you use the admin CGI script to turn
- on gating from Usenet->mail, an automatic mass catch up is done
- to avoid flooding the mailing list. cron/gate_news's command
- line interface has also changed. See its docstring for
- details.
-
- - A new cron script called qrunner has been added to retry message
- deliveries that fail because of temporary smtpd problems.
-
- - New command line script called bin/list_lists which does exactly
- that: lists all the mailing lists on the system (much like the
- listinfo CGI does).
-
- - bin/withlist is now directly executable, however if you want to
- use python -i, you must still explicitly invoke it.
- bin/withlist also now cleans up after itself by unlocking any
- locked lists. It does NOT save any dirty lists though - you
- must do this explicitly.
-
- - $prefix permissions (and all subdirs) must now be 02775.
- bin/check_perms has been updated to fix all the subdir
- permissions.
-
- - "make update" (a.k.a. bin/update) is run automatically when you
- do a "make install"
-
- - The CGI driver script now puts information about the Python
- environment into the logs/error file (but not the diagnostic web
- page).
-
- - Bug fixes and some performance improvements
-
-2.0 beta 1 (19-Mar-2000)
-
- - Python 1.5.2 (or newer) is now required.
-
- - A new bundled auto-responder has been added. You can now
- configure an autoresponse text for each list's primary
- addresses:
-
- listname@yourhost.com -- the general posting address
- listname-request@... -- the automated "request bot" address
- listname-admin@... -- the human administrator address
-
- - The standard UI now includes three logos at the bottom of the
- page: Dragon's Mailman logo, the Python Powered logo, and the
- GNU logo. All point to their respective home pages.
-
- - It is now possible to set the Reply-To: field on lists to an
- arbitrary address. NOTE: Reply-To: munging is generally
- considered harmful! However for some read-only lists, it is
- useful to direct replies to a parallel discussion list.
-
- - There is a new message delivery architecture which uses a
- pipeline processor for incoming and internally generated
- messages. Mailman no longer contains a bundled bulk-mailer;
- instead message delivery is handled completely by the MTA. Most
- MTAs give a high enough priority to connections from the
- localhost that mail will not be lost because of system load, but
- this is not guaranteed (or handled) by Mailman currently. Be
- careful also if your smtpd is on a different host than the
- Mailman host. In practice, mail lossage has not be observed.
-
- For this reason cron/run_queue is no longer needed (see the
- UPGRADING file for details).
-
- Also, you can choose whether you want direct smtp delivery, or
- delivery via the command line to a sendmail-compatible daemon.
- You can also easily add your own delivery module. See
- Mailman/Defaults.py for details.
-
- - A similar pipeline architecture for the parsing of bounce
- messages has been added. Most common bounce formats are now
- handled, including Qmail, Postfix, and DSN. It is now much
- easier to add new bounce detectors.
-
- - The approval pending architecture has also been revamped.
- Subscription requests and message posts waiting for admin
- approval are no longer kept in the config.db file, but in a
- separate requests.db file instead.
-
- - Finally made consistent the use of Sender:/From:/From_ in the
- matching of headers for such things as member-post-only. Now,
- if USE_ENVELOPE_SENDER is true, Sender: will always be chosen
- over From:, however the default has been changed to
- USE_ENVELOPE_SENDER false so that From: is always chosen over
- Sender:. In both cases, if no header is found, From_ (i.e. the
- envelope sender is used). Note that the variable is now
- misnamed! Most people want From: matching anyway and any are
- easily spoofable.
-
- - New scripts bin/move_list, bin/config_list
-
- - cron/upvolumes_yearly, cron/upvolumes_monthly, cron/archive,
- cron/run_queue all removed. Edit your crontab if you used these
- scripts. Other scripts removed: contact_transport, deliver,
- dumb_deliver.
-
- - Several web UI improvements, especially in the admin page.
-
- - Remove X-pmrqc: headers to prevent return reciepts for Pegasus
- mail users.
-
- - Security patch when using external archivers.
-
- - Honor "X-Archive: No" header by not putting this message in the
- archive.
-
- - Changes to the log file format.
-
- - The usual bug fixes.
-
-1.1 (05-Nov-1999)
-
- - All GIFs removed. See http://www.gnu.org/philosophy/gif.html
- for the reason why.
-
- - Improvements to the Pipermail archiver which make things faster.
- Primary change is that the .txt files are not gzipped on every
- posted message. Instead, use the new cron script `nightly_gzip'
- to gzip the .txt file in batches (this means that the .txt file
- will lag behind the on-line archives a little).
-
- - From the C drivers programs, Python is invoked with the -S
- option. This tells Python to avoid importing the site module,
- which can improve start up time of the Python process
- considerably. Note that the command line script invocation has
- not been changed.
-
- - New configuration variables PUBLIC_EXTERNAL_ARCHIVER and
- PRIVATE_EXTERNAL_ARCHIVER which can contain a shell command
- string for os.popen(). This can be used to invoke an external
- archiver instead of the bundled Pipermail archiver. See
- Defaults.py for details.
-
- - new script `bin/find_member' which can be used to search for a
- member by regular expression.
-
- - More child processes are reaped, which should eliminate most
- occurrences of zombie processes.
-
- - A few small miscellaneous bug fixes (including PR#99, PR#107)
- and improvements to the file locking algorithms.
-
-1.0 (30-Jul-1999)
-
- - Configure script now allows $PREFIX (by default /home/mailman)
- to be permissions 02755. Also, configure now tests for
- vsnprintf()
-
- - Workaround, taken from GNU screen, for systems missing
- vsnprintf()
-
- - Return-Receipt-To: and Disposition-Notification-To: headers are
- always removed from posted messages (they can be used to troll
- for list membership).
-
- - Workaround for MSIE4.01 (and possibly other versions) bug in the
- handling of cookies.
-
- - A small collection of other bug fixes.
-
-1.0rc3 (10-Jul-1999)
-
- - new script bin/check_perms which checks (and optionally fixes)
- the permissions and group ownerships of the files in your
- Mailman installation.
-
- - Removed a bottleneck in the archiving code that was causing
- performance problems on highly loaded servers.
-
- - The code that saves a list's state and configuration database
- has been made more robust.
-
- - Additional exception handlers have been added in several places
- to alleviate problems with Mailman bombing out when it really
- would be better to print/log a helpful message.
-
- - The "password" mail command will now mail back the sender's
- subscription password when given with no arguments.
-
- - The embarrassing subject-prefixing bug present in rc2 has been
- fixed.
-
- - A small (but nice :) collection of other squashed bugs.
-
-1.0rc2 (14-Jun-1999)
-
- - A security flaw in the CGI cookie mechanisms was discovered --
- the Mailman-issued cookies were easily spoofable, implying that
- e.g. admin access to all Mailman lists via the web interface
- could be compromised. This flaw has now been fixed.
-
- - Handling of SMTP errors has been improved.
-
- - Both "Mass Subscription" via web admin interface and
- bin/add_members have been greatly sped up.
-
- - autoconf check for syslog has been revamped, and is now verified
- to work on SCO OpenServer 5. If syslog can't be found, the C
- wrappers will compile, but without any syslog calls.
-
- - Various other bug fixes.
-
-1.0rc1 (04-May-1999)
-
- - There is a new Mailman logo, contributed by The Dragon De
- Monsyne. Please read the INSTALL file for information about
- installing the logo in a place your Web server can find it.
-
- - USE_ENVELOPE_SENDER is now set to 0 by default. Turning this on
- caused problems for too many users; lists restricted to
- member-only posts were not matching the addresses correctly.
-
- - A revamped bin/withlist to be a little more useful.
-
- - A revamped cron/mailpasswds which groups users by virtual hosts.
-
- - The usual assortment of bug fixes.
-
-1.0b11 (03-Apr-1999)
-
- - Bug fixes and improvements for case preservation of subscribed
- addresses. The DATA_FILE_VERSION has been bumped to 14.
-
- - New script bin/withlist, useful for interactive debugging.
-
-1.0b10 (26-Mar-1999)
-
- - New script bin/sync_members which can be used to synchronize a
- list's membership against a flat (e.g. sendmail :include: style)
- file.
-
- - bin/add_members and bin/remove_members now accept addresses on
- the command line with `-' as the value for the -d and -n
- options.
-
- - Added variable USE_ENVELOPE_SENDER to Defaults.py for site-wide
- configuration of address matching scheme. With this variable
- set to true, the envelope sender (e.g. Unix "From_" header) is
- used to match addresses, otherwise the From: header is used.
- Envelope sender matching seems not to work on many systems.
- This variable is currently defaulted to 1, but may change to 0
- for the final release.
-
- - Reorganization of the membership management admin page. Also
- member addresses are linked to their options page. Only the
- `General' category has the admin password change form.
-
- - Major reorganization of email command handling and responses.
- `notmetoo' is the preferred email command instead of `norcv',
- although the latter is still accepted as an argument. If more
- than 5 errors are found in the message, command processing is
- halted.
-
- - User options page now shows the user their case-preserved
- subscribed address as well.
-
- - The usual assortment of bug fixes.
-
-1.0b9 (01-Mar-1999)
-
- - New bin scripts: clone_member, list_members, add_members (a
- consolidation of convertlist and populate_new_list which have
- been removed).
-
- - Two new readmes have been added: README.LINUX and README.QMAIL
-
- - New configure option --with-cgi-ext which can be used if your
- Web server requires extensions on CGI scripts. The extension
- must include a dot (e.g. --with-cgi-ext=".cgi").
-
- - Many bug fixes, including the setgid problem that was causing
- mail to be lost on some versions of Linux.
-
-1.0b8 (14-Jan-1999)
-
- - Bug fixes and workarounds for certain Linuxes.
-
- - Illegal addresses are no longer allowed to be subscribed, from
- any interface.
-
-1.0b7 (31-Dec-1998)
-
- - Many, many bug fixes. Some performance improvements for large
- lists. Some improvements in the Web interfaces. Some security
- improvements. Improved compatibility with Python 1.5.
-
- - bin/convert_list and bin/populate_new_list have been replaced
- by bin/add_members.
-
- - Admins can now get notification on subscriptions and
- unsubscriptions. Posts are now logged.
-
- - The username portion of email addresses are now case-preserved
- for delivery purposes. All other address comparisions are
- case-insensitive.
-
- - New default SMTP_MAX_RCPTS that limits the number of "RCPT TO"
- SMTP commands that can be given for a single message. Most
- MTAs have some hard limit.
-
- - "Precedence: bulk" header and "List-id:" header are now added
- to all outgoing messages. The latter is not added if the
- message already has a "List-id:" header. See RFC 2046 and
- draft-chandhok-listid-02 for details.
-
- - The standard (as of Python 1.5.2) smtplib.py is now used.
-
- - The install process now compiles all the .py files in the
- installation.
-
- - Versions of the Mailman papers given at IPC7 and LISA-98 are
- now included.
-
-1.0b6 (07-Nov-1998)
-
- - Archiving is (finally) back in.
-
- - Administrivia filter added.
-
- - Mail queue mechanism revamped with better concurrency control.
-
- - For recipients that have estmp MTAs, set delivery notification
- status so that only delivery failure notices are sent out,
- inhibiting 4 hour and N day warning notices.
-
- - Now expire old unconfirmed subscription requests, rather than
- keeping them forever.
-
- - Added proposed standard List-Id: header, and our own
- X-MailmanVersion header.
-
- - Prevent havoc from attempts to subscribe a list to itself. (!)
-
- - Refine mail command processing to prevent loops.
-
- - Pending subscription DB redone with better locking and cleaner
- interface.
-
- - posters functionality expanded.
-
- - Subscription policy more flexible, sensible, and
- site-configurable.
-
- - Various and sundry bug fixes.
-
-1.0b5 (27-Jul-1998)
-
- - New file locking that should be portable and work w/ NFS.
-
- - Better use of packages.
-
- - Better error logging and reporting.
-
- - Less startup overhead.
-
- - Various and sundry bug fixes.
-
-
-1.0b4 (03-Jun-1998)
-
- - A configure script for easy installation (Barry Warsaw)
-
- - The ability to install Mailman to locations other than
- /home/mailman (Barry Warsaw)
-
- - Use cookies on the admin pages (also hides admin pages from
- others) (Scott Cotton)
-
- - Subscription requests send a request for confirmation, which may
- be done by simply replying to the message (Scott Cotton)
-
- - Facilities for gating mail to a newsgroup, and for gating a
- newsgroup to a mailing list (John Viega)
-
- - Contact the SMTP port instead of calling sendmail (primarily for
- portability) (John Viega)
-
- - Changed all links on web pages to relative links where appropriate.
- (John Viega)
-
- - Use MD5 if crypt is not available (John Viega)
-
- - Lots of fixing up of bounce handling (Ken Manheimer)
-
- - General UI polishing (Ken Manheimer)
-
- - mm_html: Make it prominent when the user's delivery is disabled
- on his option page. (Ken Manheimer)
-
- - mallist:DeleteMember() Delete the option setings if any. (Ken
- Manheimer)
-
-1.0b3 (03-May-1998)
-
- - mm_message:Deliverer.DeliverToList() added missing newline
- between the headers and message body. Without it, any sequence
- of initial body lines that _looked_ like headers ("Sir: Please
- excuse my impertinence, but") got treated like headers.
-
- - Fixed typo which broke subscription acknowledgement message
- (thanks to janne sinkonen for pointing this out promptly after
- release). (Anyone who applied my intermediate patch will
- probably see this one trigger patch'es reversed-patch
- detector...)
-
- - Fixed cgi-wrapper.c so it doesn't segfault when invoked with
- improper uid or gid, and generally wrappers are cleaned up a
- bit.
-
- - Prevented delivery-failure notices for misdirected subscribe-
- confirmation requests from bouncing back to the -request addr,
- and then being treated as failing requests.
-
- Implemented two measures. Set the reply-to for the
- confirmation- request to the -request addr, and the sender to be
- the list admin. This way, bounces go to list admin instead of
- to -request addr. (Using the errors-to header wasn't
- sufficient. Thanks, barry, for pointing out the use of sender
- here.) Second, ignore any mailcommands coming from postmaster
- or non-login system type accounts (mailer-daemon, daemon,
- postoffice, etc.)
-
- - Reenabled admin setting of web_page_url - crucial for having
- lists use alternate names of a host that occupies multiple
- addresses.
-
- - Fixed and refined admin-options help mechanism. Top-level visit
- to general-category (where the "general" isn't in the URL) was
- broken. New help presentation shows the same row that shows on
- the actual options page.
-
- - cron/crontab.in crontab template had wrong name for senddigests.
-
- - Default digest format setting, as distributed, is now non-MIME,
- on urging of reasoned voices asserting that there are still
- enough bad MIME implementations in the world to be a nuisance to
- too many users if MIME is the default. Sigh.
-
- - MIME digests now preserve the structure of MIME postings,
- keeping attachments as attachments, etc. They also are more
- structured in general.
-
- - Added README instructions explaining how to determine the right
- UID and GID settings for the wrapper executables, and improved
- some of the explanations about exploratory interaction
- w/mailman.
-
- - Removed the constraint that subscribers have their domain
- included in a static list in the code. We might want to
- eventually reincorporate the check for the sake of a warning
- message, to give a heads up to the subscriber, but try delivery
- anyway...
-
- - Added missing titles to error docs.
-
- - Improved several help details, including particularly explaining
- better how real_name setting is used.
-
- - Strengthened admonition against setting reply_goes_to_list.
-
- - Added X-BeenThere header to postings for the sake of prevention
- of external mail loops.
-
- - Improved handling of bounced messages to better recognize
- members address, and prevent duplicate attempts to react (which
- could cause superfluous notices to administrator).
-
- - Added __delitem__ method to mm_message.OutgoingMessage, to fix
- the intermediate patch posted just before this one.
-
- - Using keyword substitution format for more message text (ie,
- "substituting %(such)s into text" % {'such': "something"}) to
- make the substitutions less fragile and, presumably, easier to
- debug.
-
- - Removed hardwired (and failure-prone) /tmp file logging from
- answer.majordomo_mail, and generally spiffed up following janne
- sinkkonen's lead.
-
-1.0b2 (13-Apr-1998)
-1.0b1 (09-Apr-1998)
-
- Web pages much more polished
- - Better organized, text more finely crafted
- - Easier, more refined layout
- - List info and admin interface overviews, enumerate all public lists
- (via, e.g., http://www.python.org/mailman/listinfo - sans the
- specific list)
- - Admin interface broken into sections, with help elaboration for
- complicated configuration options
-
- Mailing List Archives
- - Integrated with a newer, *much* improved, external pipermail - to be
- found at http://starship.skyport.net/crew/amk/maintained/pipermail.html
- - Private archives protected with mailing list members passwords,
- cookie-fied.
-
- Spam prevention
- - New spam prevention measures catch most if not all spam without
- operator intervention or general constraints on who can post to
- list:
- require_explicit_destination option imposes hold of any postings
- that do not have the list name in any of the to or cc header
- destination addresses. This catches the vast majority of random
- spam.
- Other options (forbidden_posters, bounce_matching_headers) provide
- for filtering of known transgressors.
- - Option obscure_addresses (default on) causes mailing list subscriber
- lists on the web to be slightly mangled so they're not directly
- recognizable as email address by web spiders, which might be
- seeking targets for spammers.
-
- Site configuration arrangement organized - in mailman/mailman/modules:
- - When installing, create a mailman/modules/mm_cfg.py (if there's not
- one already there), using mm_cfg.py.dist as a template.
- mm_default.py contains the distributed defaults, including
- descriptions of the values. mm_cfg.py does a 'from mm_defaults.py
- import *' to get the distributed defaults. Include settings in
- mm_cfg.py for any values in mm_defaults.py that need to be
- customized for your site, after the 'from .. import *'.
- See mm_cfg.py.dist for more details.
-
- Logging
- - Major operations (subscription, admin approval, bounce,
- digestification, cgi script failure tracebacks) logged in files
- using a reliable mechanism
- - Wrapper executables log authentication complaints via syslog
-
- Wrappers
- - All cgi-script wrapper executables combined in a single source,
- easier to configure. (Mail and aliases wrappers separate.)
-
- List structure version migration
- - Provision for automatic update of list structures when moving to a
- new version of the system. See modules/versions.py.
-
- Code cleaning
- - Many more module docstrings, __version__ settings, more function
- docstrings.
- - Most unqualified exception catches have been replaced with more
- finely targeted catches, to avoid concealing bugs.
- - Lotsa long lines wrapped (pet peeve:).
-
- Random details (not complete, sorry):
- - make archival frequency a list option
- - Option for daily digest dispatch, in addition to size threshhold
- - make sure users only get one periodic password notifcation message for
- all the lists they're on (repaired 1.0b1.1 varying-case mistake)
- - Fix rmlist sans-argument bug causing deletion of all lists!
- - doubled generated random passwords to four letters
- - Cleaned lots and lots of notices
- - Lots and lots of html page cleanup, including table-of-contents, etc
- - Admin options sections - don't do the "if so" if the ensuing list
- is empty
- - Prevent list subject-prefix cascade
- - Sources under CVS
- - Various spam filters - implicit-destination, header-field
- - Adjusted permissions for group access
- - Prevent redundant subscription from redundant vetted requests
- - Instituted centralize, robustish logging
- - Wrapper sources use syslog for logging (john viega)
- - Sorting of users done on presentation, not in list.
- - Edit options - give an error for non-existent users, not an options page.
- - Bounce handling - offer 'disable' option, instead of remove, and
- never remove without notifying admin
- - Moved subscribers off of listinfo (and made private lists visible
- modulo authentication)
- - Parameterize default digest headers and footers and create some
- - Put titles on cgi result pages that do not get titles (all?)
- - Option for immediate admin notifcation via email of pending
- requests, as well as periodic
- - Admin options web-page help
- - Enabled grouped and cascading lists despite implicit-name constraint
- - Changed subscribers list so it has its own script (roster)
- - Welcome pages: http://www.python.org/mailman/{admin,listinfo}/
-
-0.95 (25-Jan-1997)
- - Fixed a bug in sending out digests added when adding disable mime option.
- - Added an option to not notify about bounced posts.
- - Added hook for pre-posting filters. These could be used to
- auto-strip signatures. I'm using the feature to auto-strip footers
- that are auto-generated by mail received from another mailing list.
-
-0.94 (22-Jan-1997)
- - Made admin password work ubiquitously in place of a user password.
- - Added an interface for getting / setting user options.
- - Added user option to disable mime digests (digested people only)
- - Added user option to not receive your own posts (nondigested people only)
- - Added user option to ack posts
- - Added user option to disable list delivery to their box.
- - Added web interface to user options
- - Config number of sendmail spawns on a per-list basis
- - Fixed extra space at beginning of each message in digests...
- - Handled comma separated emails in bounce messages...
- - Added a FindUser() function to MailList. Used it where appropriate.
- - Added mail interface to setting list options.
- - Added name links to the templates options page
- - Added an option so people can hide their names from the subscription list.
- - Added an answer_majordomo_mail script for people switching...
-
-0.93 (18/20-Jan-1997)
- - When delivering to list, don't call sendmail directly. Write to a file,
- and then run the new deliver script, which forks and exits in the parent
- immediately to avoid hanging when delivering mail for large lists, so that
- large lists don't spend a lot of time locked.
- - GetSender() no longer assumes that you don't have an owner-xxx address.
- - Fixed unsubscribing via mail.
- - Made subscribe via mail generate a password if you don't supply one.
- - Added an option to clobber the date in the archives to the date the list
- resent the post, so that the archive doesn't get mail from people sending
- bad dates clumped up at the beginning or end.
- - Added automatic error message processing as an option. Currently
- logging to /tmp/bounce.log
- - Changed archive to take a list as an argument, (the old way was broken)
- - Remove (ignore) spaces in email addresses
- - Allow user passwords to be case insensitive.
- - Removed the cleanup script since it was now redundant.
- - Fixed archives if there were no archives.
- - Added a Lock() call to Load() and Create(). This fixes the
- problem of loading then locking.
- - Removed all occurances of Lock() except for the ones in mailing
- list since creating a list
- now implicitly locks it.
- - Quote single periods in message text.
- - Made bounce system handle digest users fairly.
-
-0.92 (13/16-Jan-1997)
- - Added Lock and Unlock methods to list to ensure each operation is atomic
- - Added a cmd that rms all files of a mailing list (but not the aliases)
- - Fixed subscribing an unknown user@localhost (confirm this)
- - Changed the sender to list-admin@... to ensure we avoid mail loops.
- - check to make sure there are msgs to archive before calling pipermail.
- - started using this w/ real mailing lists.
- - Added a cron script that scours the maillog for User/Host unknown errs
- - Sort membership lists
- - Always display digest_is_default option
- - Don't slam the TO list unless you're sending a digest.
- - When making digest summaries, if missing sender name, use their email.
- - Hacked in some protection against crappy dates in pipermail.py
- - Made it so archive/digest volumes can go up monthly for large large lists.
- - Number digest messages
- - Add headers/footers to each message in digest for braindead mailers
- - I removed some forgotten debug statements that caused server errors
- when a CGI script sent mail.
- - Removed loose_matches flag, since everything used it.
- - Fixed a problem in pipermail if there was no From line.
- - In upvolume_ scripts, remove INDEX files as we leave a volume.
- - Threw a couple of scripts in bin for generating archives from majordomo's
- digest-archives. I wouldn't recommend them for the layman, though, they
- were meant to do a job quickly, not to be usable.
-
-0.91 (23-Dec-1996)
- - broke code into mixins for managability
- - tag parsing instead of lots of gsubs
- - tweaked pipermail (see comments on pipermail header)
- - templates are now on a per-list basis as intended.
- - request over web that your password be emailed to you.
- - option so that web subscriptions require email confirmation.
- - wrote a first pass at an admin interface to configurable variables.
- - made digests mime-compliant.
- - added a FakeFile class that simulates enough of a file object on a
- string of text to fool rfc822.Message in non-seek mode.
- - changed OutgoingMessage not to require its args in constructor.
- - added an admin request DB interface.
- - clearly separated the internal name from the real name.
- - replaced lots of ugly, redundant code w/ nice code.
- (added Get...Email() interfaces, GetScriptURL, etc...)
- - Wrote a lot of pretty html formatting functions / classes.
- - Fleshed out the newlist command a lot. It now mails the new list
- admin, and auto-updates the aliases file.
- - Made multiple owners acceptable.
- - Non-advertised lists, closed lists, max header length, max msg length
- - Allowed editing templates from list admin pages.
- - You can get to your info page from the web even if the list is closed.
-
-
-Local Variables:
-mode: indented-text
-indent-tabs-mode: nil
-End:
diff --git a/docs/OLD-NEWS.txt b/docs/OLD-NEWS.txt
new file mode 100644
index 000000000..c87635640
--- /dev/null
+++ b/docs/OLD-NEWS.txt
@@ -0,0 +1,2835 @@
+Mailman - The GNU Mailing List Management System
+Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+Here is a history of user visible changes to Mailman.
+
+2.1.10b4 (13-Mar-2008)
+
+ Security
+
+ - The 2.1.9 fixes for CVE-2006-3636 were not complete. In particular,
+ some potential cross-site scripting attacks were not detected in
+ editing templates and updating the list's info attribute via the web
+ admin interface. This has been assigned CVE-2008-0564 and has been
+ fixed. Thanks again to Moritz Naumann for assistance with this.
+
+ New Features
+
+ - Changed cmd_who.py to list all members if authorization is with the
+ list's admin or moderator password and to accept the password if the
+ roster is public. Also changed the web roster to show hidden members
+ when authorization is by site or list's admin or moderator password
+ (1587651).
+
+ - Added the ability to put a list name in accept_these_nonmembers
+ to accept posts from members of that list (1220144).
+
+ - Added a new 'sibling list' feature to exclude members of another list
+ from receiving a post from this list if the other list is in the To: or
+ Cc: of the post or to include members of the other list if that list is
+ not in the To: or Cc: of the post (Patch ID 1347962).
+
+ - Added the admin_member_chunksize attribute to the admin General Options
+ interface (Bug 1072002, Partial RFE 782436).
+
+Internationalization
+
+ - Added the Hebrew translation from Dov Zamir. This includes addition of
+ a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The
+ add_language() function defaults direction to 'ltr' to not break
+ existing mm_cfg.py files.
+
+ - Added the Slovak translation from Martin Matuska.
+
+ - Added the Galician translation from Frco. Javier Rial Rodríguez.
+
+ Bug fixes and other patches
+
+ - Added bounce recognition for several additional bounce formats.
+
+ - Fixed CommandRunner.py to decode a quoted-printable or base64 encoded
+ message part (1829061).
+
+ - Fixed Scrubber.py to avoid loss of an implicit text/plain message part
+ with no Content-* headers in a MIME multipart message (759841). Fixed
+ several other minor scrubber issues (1242450).
+
+ - Added Date and Message-ID headers to the confirm reply message that
+ Mailman adds to the admin notification (1471318).
+
+ - Fixed Cgi/options.py to not present the "empty" topic to user.
+
+ - Fixed Handlers/CalcRecips.py to not process topics if topics are
+ disabled for the list. This caused users who had previously subscribed
+ to topics and elected to not receive non-matching posts to receive no
+ messages after topics were disabled for the list.
+
+ - Fixed MaildirRunner.py to handle hyphenated list names.
+
+ - Fixed a bug in MimeDel.py (content filtering) which caused
+ *_filename_extensions to not match if the extension in the message was
+ not all lower case.
+
+ - Fixed versions.py to not call a non-existant method when converting held
+ posts from Mailman 1.0.x lists.
+
+ - Added a test to configure to detect a missing python-devel package on
+ some RedHat systems.
+
+ - Fixed bin/dumpdb to once again be able to dump marshals (broken since
+ 2.1.5) (963137).
+
+ - Worked around a bug in the Python email library that could cause Mailman
+ to not get the correct value for the sender of a message from an RFC
+ 2231 encoded header causing spurious held messages.
+
+ - Fixed bin/check_perms to detect certain missing permissions on the
+ archives/private/ and archives/private/<list>/database/ directories.
+
+ - Improved exception handling in cron/senddigests.
+
+ - Changed the admindb page to not show the "Discard all messages marked
+ Defer" checkbox when there are only (un)subscribes and no held messages.
+ Also added a separator and heading for "Held Messages" like the ones for
+ "Subscribe Requests" and "Unsubscribe Requests". Suppressed the
+ "Database Updated" message when coming from the login page. Also
+ removed the "Discard all messages marked Defer" checkbox from the
+ details page where it didn't work (1562922, 1000699).
+
+ - Fixed admin.py so null VARHELP category is handled (1573393).
+
+ - Fixed OldStyleMemberships.py to preserve delivery statuses BYADMIN
+ and BYUSER on a straight change of address (1642388). Also fixed a
+ bug that could result in a member key with uppercase in the domain.
+
+ - Fixed bin/withlist so that -r can take a full package path to a
+ callable.
+
+ - Removal of DomainKey/DKIM signatures is now controlled by Defaults.py
+ mm_cfg.py variable REMOVE_DKIM_HEADERS (default = No). Also, if
+ REMOVE_DKIM_HEADERS = Yes, an Authentication-Results: header will be
+ removed if present.
+
+ - The DeprecationWarning issued by Python 2.5 regarding string exceptions
+ is supressed.
+
+ - format=flowed and delsp=yes are now preserved for message bodies when
+ message headers/footers are added and attachments are scrubbed
+ (1495122).
+
+ - Queue runner processing is improved to log and preserve for analysis in
+ the shunt queue certain bad queue entries that were previously logged
+ but lost. Also, entries are preserved when an attempt to shunt throws
+ an exception (1656289).
+
+ - The admin Membership List pages have been changed in that the email
+ address which forms a part of the various CGI data keys is now
+ urllib.quote()ed. This allows changing options for and unsubbing an
+ address which contains a double-quote character, but it may require
+ changes to scripts that screen-scrape the web admin interface to
+ produce a membership list so they will report an unquoted address.
+
+ - The fix for bug 1181161 in 2.1.7 was incomplete. The Approve(d): line
+ wasn't always found in quoted-printable encoded parts and was never
+ found in base64 encoded parts. This is now fixed.
+
+ - Fixed a mail loop if a list owner puts the list's -bounces or -admin
+ address in the list's owner attribute (1834569).
+
+ - Fixed the mailto: link in archived messages to prefix the subject with
+ Re: and to put the correct message-id in In-Reply-To (1621278, 1834281).
+
+ - Coerced list name arguments to lower case in the change_pw, inject,
+ list_admins and list_owners command line tools (patch 1842412).
+
+ - Fixed cron/disabled to test if bounce info is stale before disabling
+ a member when the threshold has been reduced.
+
+ - It wasn't noted here, but in 2.1.9, queue runner processing was made
+ more robust by making backups of queue entries when they were dequeued
+ so they could be recovered in the event of a system failure. This
+ opened the possibility that if a message itself caused a runner to
+ crash, a loop could result that would endlessly reprocess the message.
+ This has now been fixed by adding a dequeue count to the entry and
+ moving the entry aside and logging the fact after the third dequeue of
+ the same entry.
+
+ - Fixed the command line scripts add_members, sync_members and
+ clone_member to properly handle banned addresses (1904737).
+
+ - Fixed bin/newlist to add the list's preferred language to the list's
+ available_languages if it is other than the server's default language
+ (1906368).
+
+ - Changed the first URL in the RFC 2369 List-Unsubscribe: header to go
+ to the options login page instead of the listinfo page.
+
+ - Changed the options login page to not issue the "No address given" error
+ when coming from the List-Unsubscribe and other direct links. Also
+ changed to remember the user's language selection when redisplaying the
+ page following an error.
+
+ - Changed cmd_subscribe.py to properly accept (no)digest without a
+ password and to recognize (no)digest and address= case insensitively.
+
+ Miscellaneous
+
+ - Brad Knowles' mailman daily status report script updated to 0.0.17.
+
+2.1.9 (12-Sep-2006)
+
+ Security
+
+ - A malicious user could visit a specially crafted URI and inject an
+ apparent log message into Mailman's error log which might induce an
+ unsuspecting administrator to visit a phishing site. This has been
+ blocked. Thanks to Moritz Naumann for its discovery.
+
+ - Fixed denial of service attack which can be caused by some
+ standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
+
+ - Several cross-site scripting issues have been fixed. Thanks to Moritz
+ Naumann for their discovery. CVE-2006-3636
+
+ - Fixed an unexploitable format string vulnerability. Discovery and fix
+ by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
+ Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
+
+ Internationalization
+
+ - New languages: Arabic, Vietnamese.
+
+ Bug fixes and other patches
+
+ - Fixed Decorate.py so that characters in message header/footer which
+ are not in the character set of the list's language are ignored rather
+ than causing shunted messages (1507248).
+
+ - Switchboard.py - Closed very tiny holes at the upper ends of queue
+ slices that could result in unprocessable queue entries. Improved FIFO
+ processing when two queue entries have the same timestamp.
+
+2.1.8 (15-Apr-2006)
+
+ Security
+
+ - A cross-site scripting hole in the private archive script of 2.1.7
+ has been closed. Thanks to Moritz Naumann for its discovery.
+
+ Bug fixes and other patches
+
+ - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
+ and several others.
+
+ - Updated email library to 2.5.7 which will encode payload into qp/base64
+ upon setting. This enabled backing out the scrubber related patches
+ including 'X-Mailman-Scrubbed' header in 2.1.7.
+
+ - Fix SpamDetect.py potential hold/reject loop problem.
+
+ - A warning message from email package to the stderr can cause error
+ in Logging because stderr may be detached from the process during
+ the qrunner run. We chose not to output errors to stderr but to
+ the logs/error if the process is running under mailmanctl subprocess.
+
+ - DKIM header cleansing was separated from Cleanse.py and added to
+ -owner messages too.
+
+ - Fixes: Lose Topics when go directly to topics URL (1194419).
+ UnicodeError running bin/arch (1395683). edithtml.py missing import
+ (1400128). Bad escape in cleanarch. Wrong timezone in list archive
+ index pages (1433673). bin/arch fails with TypeError (1430236).
+ Subscription fails with some Language combinations (1435722).
+ Postfix delayed notification not recognized (863989). 2.1.7 (VERP)
+ mistakes delay notice for bounce (1421285). show_qfiles: 'str'
+ object has no attribute 'as_string' (1444447). Utils.get_domain()
+ wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
+
+ Miscellaneous
+
+ - Brad Knowles' mailman daily status report script updated to 0.0.16.
+
+2.1.7 (31-Dec-2005)
+
+ Security
+
+ - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
+ message instead of just quietly dropping ./ and ../ from URLs.
+
+ - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
+ been solved in Mailman 2.1.6, there may be more cases where
+ ToDigest.send_digests() can block regular delivery. We put the
+ send_digests() calling part in a try/except clause and leave a message
+ in the error log if something happened in send_digests(). Daily call of
+ cron/senddigests will provide more detail to the site administrator.
+
+ - List administrators can no longer change the user's option/subscription
+ globally. Site admin can change these only if
+ mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
+
+ - <script> tags are HTML-escaped in the edithtml CGI script.
+
+ - Since the probe message for disabled users may reach unintended
+ recipients, the password is excluded from sendProbe() and probe.txt.
+ Note that the default value of VERP_PROBE has been set to `No' from
+ 2.1.6., thus this change doesn't affect the default behavior.
+
+ New Features
+
+ - Always remove DomainKey (and similar) headers from messages sent to the
+ list. (1287546)
+
+ - List owners can control the content filter behavior when collapsing
+ multipart/alternative parts to its first subpart. This allows the
+ option of letting the HTML part pass through after other content
+ filtering is done.
+
+ Internationalization
+
+ - New language: Interlingua.
+
+ Bug fixes and other patches
+
+ - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
+ safer operation.
+
+ - Fixed the bug where Scrubber.py munges quoted-printable by introducing
+ the 'X-Mailman-Scrubbed' header which marks that the payload is
+ scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
+ Decorate.py and Archiver. A similar problem in ToDigest.py where the
+ plain digest is generated is also fixed.
+
+ - Fixed Syslog.py to write quopri encoded messages when it fail to write
+ 8-bit characters.
+
+ - Fixed MTA/Postfix.py to check aliases group permission in check_perms
+ and fixed mailman-install document on this matter (1378270).
+
+ - Fixed private.py to go to the original URL after authorization
+ (1080943).
+
+ - Fixed bounce log score messages to be more consistent.
+
+ - Fixed bin/remove_members to accept no arguments when both --fromall and
+ --file= options are specified.
+
+ - Changed cgi-bin and mail wrapper "group not found" error message to be
+ more descriptive of the actual problem.
+
+ - The list's ban_list now applies to address changes, admin mass
+ subscribes and invites, and to confirmations/approvals of address
+ changes, subscriptions and invitations.
+
+ - quoted-printable and base64 encoded parts are decoded before passing to
+ HTML_TO_PLAIN_TEXT_COMMAND (1367783).
+
+ - Approve: header is removed from posts, and treated the same as the
+ Approved: header. (1355707)
+
+ - Fixed the removal of the line following Approve[d]: line in body of
+ post. (1318883)
+
+ - The Approve[d]: <password> header is removed from all text/* parts in
+ addition the initial text/plain part. It must still be the first
+ non-blank line in the first text/plain part or it won't be found or
+ removed at all. (1181161)
+
+ - Posts are now logged in post log file with the true sender, not
+ listname-bounces. (1287921)
+
+ - Correctly initialize and remember the list's default_member_moderation
+ attribute in the web list creation page. (1263213)
+
+ - PEP263 charset is added to the config_list output. (1343100)
+
+ - Fixed header_filter_rules getting lost if accessed directly and
+ authentication was needed by login page. (1230865)
+
+ - Obscure email when the poster doesn't set full name in 'From:' header.
+
+ - Preambles and epilogues are taken into account when calculating message
+ sizes for holding purposes. (Mark Sapiro)
+
+ - Logging/Logger.py unicode transform option. (1235567)
+
+ - bin/update crashes with bogus files. (949117)
+
+ - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
+
+2.1.6 (30-May-2005)
+
+ Security
+
+ - Critical security patch for path traversal vulnerability in private
+ archive script (CAN-2005-0202).
+
+ - Added the ability for Mailman generated passwords (both member and list
+ admin) to be more cryptographically secure. See new configuration
+ variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
+ ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
+ reset_pw.py which can be used to reset all member passwords. Passwords
+ generated by Mailman are now 8 characters by default for members, and 10
+ characters for list administrators.
+
+ - A potential cross-site scripting hole in the driver script has been
+ closed. Thanks to Florian Weimer for its discovery. Also, turn
+ STEALTH_MODE on by default.
+
+ Internationalization
+
+ - Chinese languages are now supported. They have been moved from 'big5'
+ and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
+ spec. Note, however, that the character sets were changed from 'Big5'
+ or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
+ Python 2.3 and earlier. You may have to install Chinese capable codecs
+ (like CJKCodecs) separately to handle the incoming messages which are in
+ local charsets, or upgrade your Python to 2.4 or newer.
+
+ Behavior or defaults changes
+
+ - VERP_PROBES is disabled by default.
+
+ - bin/withlist can be run without a list name, but only if -i is given.
+ Also, withlist puts the directory it's found in at the end of sys.path,
+ making it easier to run withlist scripts that live in $prefix/bin.
+
+ - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
+ lets the user provide the web and email hostnames for the new mailing
+ list. This is a better way to specify the domain for the list, rather
+ than the old 'mylist@hostname' syntax (which is still supported for
+ backward compatibility, but deprecated).
+
+ Compatibility
+
+ - Python 2.4 compatibility issue: time.strftime() became strict about the
+ 'day of year' range. (1078482)
+
+ New Features
+
+ - New feature: automatic discards of held messages. List owners can now
+ set how many days to hold the messages in the moderator request queue.
+ cron/checkdb will automatically discard old messages. See the
+ max_days_to_hold variable in the General Options and
+ DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0
+ (i.e. disabled). (790494)
+
+ - New feature: subject_prefix can be configured to include a sequence
+ number which is taken from the post_id variable. Also, the prefix is
+ always put at the start of the subject, i.e. "[list-name] Re: original
+ subject", if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style
+ is "Re: [list-name]" if numbering is not set, for backward compatibility.
+ If the list owner is using numbering feature by "%d" directive, the new
+ style, "[list-name 123] Re:", is always used.
+
+ - List owners can now cusomize the non-member rejection notice from
+ admin/<listname>/privacy/sender page. (1107169)
+
+ - Allow editing of the welcome message from the admin page (1085501).
+
+ - List owners can now use Scrubber to get the attachments scrubbed (held
+ in the web archive), if the site admin permits it in mm_cfg.py. New
+ variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
+ SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
+ behavior. (904850)
+
+ Documentation
+
+ - Most of the installation instructions have been moved to a latex
+ document. See doc/mailman-install/index.html for details.
+
+ Bug fixes and other patches
+
+ - Mail-to-news gateway now strips subject prefix off from a response
+ by a mail user if news_prefix_subject_too is not set.
+
+ - Date and Message-Id headers are added for digests. (1116952)
+
+ - Improved mail address sanity check. (1030228)
+
+ - SpamDetect.py now checks attachment header. (1026977)
+
+ - Filter attachments by filename extensions. (1027882)
+
+ - Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
+ 1020013 (fix spam filter removed), 665569 (newer Postfix bounce
+ detection), 970383 (moderator -1 admin requests pending), 873035
+ (subject handling in -request mail), 799166/946554 (makefile
+ compatibility), 872068 (add header/footer via unicode), 1032434
+ (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
+ (fix pipermail URL), 948152 (Out of date link on Docs), 1099138
+ (Scrubber.py breaks on None part), 1099840/1099840 (deprecated %
+ insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd
+ reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
+ 1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
+ permission after editing html)
+
+2.1.5 (15-May-2004)
+
+ - The admindb page has a checkbox that allows you to discard all held
+ messages that are marked Defer. On heavy lists with lots of spam holds,
+ this makes clearing them much faster.
+
+ - The qrunner system has changed to use only one file per message.
+ However the configuration variable METADATA_FORMAT has been removed, and
+ support for SAVE_MSGS_AS_PICKLES has been changed. The latter no longer
+ writes messages as plain text. Instead, they are stored as pickles of
+ plain strings, using the text pickle format. This still makes them
+ non-binary files readable and editable by humans.
+
+ bin/dumpdb also works differently. It will print out the entire pickle
+ file (with more verbosity) and if used with 'python -i', it binds msg to
+ a list of all objects found in the pickle file.
+
+ Removed from Defaults.py: PENDINGDB_LOCK_TIMEOUT,
+ PENDINGDB_LOCK_ATTEMPTS, METAFMT_MARSHAL, METAFMT_BSDDB_NATIVE,
+ METAFMT_ASCII, METADATA_FORMAT
+
+ - The bounce processor has been redesigned so that now when an address's
+ bounce score reaches the threshold, that address will be sent a probe
+ message. Only if the probe bounces will the address be disabled. The
+ score is reset to zero when the probe is sent. Also, bounce events are
+ now kept in an event file instead of in memory. This should help
+ contain the bloat of the BounceRunner.
+
+ New supporting variables in Defaults.py: VERP_PROBE_FORMAT,
+ VERP_PROBE_REGEXP
+
+ REGISTER_BOUNCES_EVERY is promoted to a Defaults.py variable.
+
+ - The pending database has been changed from a global pickle file, to a
+ unique pickle file per mailing list.
+
+ - The 'request' database file has changed from a marshal, to the more
+ secure pickle format.
+
+ - Disallow multiple password retrievals.
+
+ - SF patch #810675 which adds a "Discard all messages marked Defer" button
+ for faster admindb maintenance.
+
+ - The email package is updated to version 2.5.5.
+
+ - New language: Turkish.
+
+ - Bugs and patches: 869644, 869647 (NotAMemberError for old cookie data),
+ 878087 (bug in Slovenian catalog), 899263 (ignore duplicate pending
+ ids), 810675 (discard all defers button)
+
+2.1.4 (31-Dec-2003)
+
+ - Close some cross-site scripting vulnerabilities in the admin pages
+ (CAN-2003-0965).
+
+ - New languages: Catalan, Croatian, Romanian, Slovenian.
+
+ - New mm_cfg.py/Defaults.py variable PUBLIC_MBOX which allows the site
+ administrator to disable public access to all the raw list mbox files
+ (this is not a per-list configuration).
+
+ - Expanded header filter rules under Privacy -> Spam Filters. Now you can
+ specify regular expression matches against any header, with specific
+ actions tied to those matches.
+
+ - Rework the SMTP error handling in SMTPDirect.py to avoid scoring bounces
+ for all recipients when a permanent error code is returned by the mail
+ server (e.g. because of content restrictions).
+
+ - Promoted SYNC_AFTER_WRITE to a Default.py/mm_cfg.py variable and
+ make it control syncing on the config.pck file. Also, we always flush
+ and sync message files.
+
+ - Reduce archive bloat by not storing the HTML body of Article objects in
+ the Pipermail database. A new script bin/rb-archfix was added to clean
+ up older archives.
+
+ - Proper RFC quoting for List-ID descriptions.
+
+ - PKGDIR can be passed to the make command in order to specify a different
+ directory to unpack the distutils packages in misc. (SF bug 784700).
+
+ - Improved logging of the origin of subscription requests.
+
+ - Bugs and patches: 832748 (unsubscribe_policy ignored for unsub button on
+ member login page), 846681 (bounce disabled cookie was always out of
+ date), 835870 (check VIRTUAL_HOST_OVERVIEW on through the web list
+ creation), 835036 (global address change when the new address is already
+ a member of one of the lists), 833384 (incorrect admin password on a
+ hold message confirmation attachment would discard the message), 835012
+ (fix permission on empty archive index), 816410 (confirmation page
+ consistency), 834486 (catch empty charsets in the scrubber), 777444 (set
+ the process's supplemental groups if possible), 860135 (ignore
+ DiscardMessage exceptions during digest scrubbing), 828811 (reduce
+ process size for list and admin overviews), 864674/864676 (problems
+ accessing private archives and rosters with admin password), 865661
+ (Tokio Kikuchi's i18n patches), 862906 (unicode prefix leak in admindb),
+ 841445 (setting new_member_options via config_list), n/a (fixed email
+ command 'set delivery')
+
+2.1.3 (28-Sep-2003)
+
+ Performance, Reliability, Security
+
+ - Closed a cross-site scripting exploit in the create cgi script.
+
+ - Improvements in the performance of the bounce processor.
+ Now, instead of processing each bounce immediately (which
+ can cause severe lock contention), bounce events are queued.
+ Every 15 minutes by default, the queued bounce events are
+ processed en masse, on a list-per-list basis, so that each
+ list only needs to be locked once.
+
+ - When some or all of a message's recipients have temporary
+ delivery failures, the message is moved to a "retry" queue.
+ This queue wakes up occasionally and moves the file back to
+ the outgoing queue for attempted redelivery. This should
+ fix most observed OutgoingRunner 100% cpu consumption,
+ especially for bounces to local recipients when using the
+ Postfix MTA.
+
+ - Optional support for fsync()'ing qfile data after writing.
+ Under some catastrophic system failures (e.g. power lose),
+ it would be possible to lose messages because the data
+ wasn't sync'd to disk. By setting SYNC_AFTER_WRITE to True
+ in Mailman/Queue/Switchboard.py, you can force Mailman to
+ fsync() queue files after flushing them. The benefits are
+ debatable for most operating environments, and you must
+ ensure that your Python has the os.fsync() function defined
+ before enabling this feature (it isn't, even on all
+ Unix-like operating systems).
+
+ Internationalization
+
+ - New languages Ukrainian, Serbian, Danish, Euskara/Basque.
+
+ - Fixes to template lookup. Lists with local overriding
+ templates would find the wrong template.
+
+ - .mo files (for internationalization) are now generated at
+ build time instead of coming as part of the source
+ distribution.
+
+ Documentation
+
+ - A first draft of member documentation by Terri Oda. There
+ is also a Japanese translation of this manual by Ikeda Soji.
+
+ Archiver / Pipermail
+
+ - In the configuration variables PUBLIC_EXTERNAL_ARCHIVER, and
+ PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been added to
+ the list of allowable substitution variables.
+
+ - The timezone is now taken into account when figuring the
+ posting date for an article.
+
+ Scripts / Cron
+
+ - Fixes to cron/disabled for NotAMemberError crashes.
+
+ - New script bin/show_qfiles which prints the contents of .pck
+ message files. New script bin/discard which can be used to
+ mass discard held messages.
+
+ - Fixes to cron/mailpasswds to account for old password-less
+ subscriptions.
+
+ - bin/list_members has grown two new options: --invalid/-i
+ prints only the addresses in the member database that are
+ invalid (which could have snuck in via old releases);
+ --unicode/-u prints addresses which are stored as Unicode
+ objects instead of as normal strings.
+
+ Miscellaneous
+
+ - Fixes to problems in some configurations where Python wouldn't
+ be able to find its standard library.
+
+ - Fixes to the digest which could cause MIME-losing missing
+ newlines when parts are scrubbed via the content filters.
+
+ - In the News/Mail gateway admin page, the configuration variable
+ nntp_host can now be a name:port pair.
+
+ - When messages are pulled from NNTP, the member moderation checks
+ are short-circuited.
+
+ - email 2.5.4 is included. This fixes an RFC 2231 bug, among
+ possibly others.
+
+ - Fixed some extra spaces that could appear in the List-ID header.
+
+ - Fixes to ensure that invalid email addresses can't be invited.
+
+ - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should now work.
+
+ - Fixes so that shunted message file names actually match
+ those logged in log/errors.
+
+ - An improved pending action cookie generation algorithm has
+ been added.
+
+ - Fixes to the DSN bounce detector.
+
+ - The usual additional u/i, internationalization, unicode, and
+ other miscellaneous fixes.
+
+2.1.2 (22-Apr-2003)
+
+ - New languages Portuguese (Portugal) and Polish.
+
+ - Many convenient constants have been added to the Defaults.py
+ module to (hopefully) make it more readable.
+
+ - Email addresses which contain 8-bit characters in them are now
+ rejected and won't be subscribed. This is not the same as 8-bit
+ characters in the realname, which is still allowed.
+
+ - The X-Originating-Email header is removed for anonymous lists.
+ Hotmail apparently adds this header.
+
+ - When running make to build Mailman, you can specify $DESTDIR to
+ the install target to specify an alternative location for
+ installation, without influencing the paths stored in
+ e.g. Defaults.py. This is useful to package managers.
+
+ - New Defaults.py variable DELIVERY_RETRY_WAIT which controls how
+ long the outgoing qrunner will wait before it retries a
+ tempfailure delivery.
+
+ - The semantics for the extend.py hook to MailList objects has
+ changed slightly. The hook is now called before attempting to
+ lock and load the database.
+
+ - Mailman now uses the email package version 2.5.1
+
+ - bin/transcheck now checks for double-%'s
+
+ - bin/genaliases grew a -q / --quiet flag
+
+ - cron/checkdbs grew a -h / --help option.
+
+ - The -c / --change-msg option has been removed from bin/add_members
+
+ - bin/msgfmt.py has been added, taken from Python 2.3's Tools/i18n
+ directory. The various .mo files are now no longer distributed
+ with Mailman. They are generated at build time instead.
+
+ - A new file misc/sitelist.cfg which can be used with
+ bin/config_list provides a small number of recommended settings
+ for your site list. Be sure to read it over before applying!
+ sitelist.cfg is installed into the data directory.
+
+ - Many bug fixes, including these SourceForge bugs closed and
+ patches applied: 677668, 690448, 700538, 700537, 673294, 683906,
+ 671294, 522080, 521124, 534297, 699900, 697321, 695526, 703941,
+ 658261, 710678, 707608, 671303, 717096, 694912, 707624, 716755,
+ 661138, 716754, 716702, 667167, 725369, 726415
+
+
+2.1.1 (08-Feb-2003)
+
+ Lots of bug fixes and language updates. Also:
+
+ - Closed a cross-site scripting vulnerability in the user options page.
+
+ - Restore the ability to control which headers show up in messages
+ included in plaintext and MIME digests. See the variables
+ PLAIN_DIGEST_KEEP_HEADERS and MIME_DIGEST_KEEP_HEADERS in
+ Defaults.py.
+
+ - Messages included in the plaintext digests are now sent through
+ the scrubber to remove (and archive) attachments. Otherwise,
+ attachments would screw up plaintext digests. MIME digests
+ include the attachments inline.
+
+2.1 final (30-Dec-2002)
+
+ Last minute bug fixes and language updates.
+
+2.1 rc 1 (24-Dec-2002)
+
+ Bug fixes and language updates. Also,
+
+ - Lithuanian support has been added.
+
+ - bin/remove_members grew --nouserack and --noadminack switches
+
+ - configure now honors --srcdir
+
+2.1 beta 6 (09-Dec-2002)
+
+ Lots and lots of bug fixes, and translation updates. Also,
+
+ - ARCHIVER_OBSCURES_EMAILADDRS is now set to true by default.
+
+ - QRUNNER_SAVE_BAD_MESSAGES is now set to true by default.
+
+ - Bounce messages which were recognized, but in which no member
+ addresses were found are no longer forwarded to the list
+ administrator.
+
+ - bin/arch grew a --wipe option which first removes the entire old
+ archive before regenerating the new one.
+
+ - bin/mailmanctl -u now prints a warning that permission problems
+ could appear, such as when trying to delete a list through the
+ web that has some archives in it.
+
+ - bin/remove_members grew --nouserack/-n and -noadminack/-N options.
+
+ - A new script bin/list_owners has been added for printing out
+ list owners and moderators.
+
+ - Dates in the web version of archived messages are now relative
+ to the local timezone, and include the timezone names, when
+ available.
+
+2.1 beta 5 (19-Nov-2002)
+
+ As is typical for a late beta release, this one includes the usual
+ bug fixes, tweaks, and massive new features (just kidding).
+
+ IMPORTANT: If you are using Pipermail, and you have any archives
+ that were created or added to in 2.1b4, you will need to run
+ bin/b4b5-archfix, followed by bin/check_perms to fix some serious
+ performance problems. From you install directory, run
+ "bin/b4b5-archfix --help" for details.
+
+ - The personalization options have been tweaked to provide more
+ control over mail header and decoration personalizations. In
+ 2.1b4, when personalization was enabled, the To and Cc headers
+ were always overwritten. But that's usually not appropriate for
+ anything but announce lists, so now these headers aren't changed
+ unless "Full personalization" is enabled.
+
+ - You now need to go to the General category to enable emergency
+ moderation.
+
+ - The order of the hold modules in the GLOBAL_PIPELINE has
+ changed, again. Now Moderate comes before Hold.
+
+ - Estonian language support has been added.
+
+ - All posted messages should now get decorated with headers and
+ footers in a MIME-safe way. Previously, some MIME type messages
+ didn't get decorated at all.
+
+ - bin/arch grew a -q/--quiet option
+
+ - bin/list_lists grew a -b/--bare option
+
+2.1 beta 4 (26-Oct-2002)
+
+ The usual assortment of bug fixes and language updates, some u/i
+ tweaks, as well as the following:
+
+ - Configuring / building / installing
+ o Tightened up some configure checks; it will now bark loudly
+ if you don't have the Python distutils package available
+ (some Linux distros only include distutils in their "devel"
+ packages).
+
+ o Mailman's username/group security assertions are now done by
+ symbolic name instead of numeric id. This provides a level
+ of indirection that makes it much easier to move or package
+ Mailman. --with-mail-gid and --with-cgi-gid are retained,
+ but they control the group names used instead.
+
+ - Command line scripts
+ o A new script, bin/transcheck that language teams can use to
+ check their .po files.
+
+ o bin/list_members grew a --fullnames/-f option to print the
+ full names along with the addresses.
+
+ o cron/senddigests grew --help/-h and --listname/-l options.
+
+ o bin/fix_url.py grew some command line options to support moving
+ a list to a specific virtual domain.
+
+ - Pipermail / archiving
+ o Reworked the directory layout for archive attachments to be
+ less susceptible to inode overload. Attachments are now
+ placed in
+
+ archives/private/<listname>/attachments/<YYYYMMDD>/<msgidhash>
+
+ o Internationalization support in the archiver has been improved.
+
+ - Internationalization
+ o New languages: Swedish.
+
+ - Mail handling
+ o Content filtering now has a pass_mime_type variable, which
+ is a whitelist of MIME types to allow in postings. See the
+ details of the variable in the Content Filtering category
+ for more information.
+
+ o If a member has enabled their DontReceiveDuplicates option,
+ we'll also strip their addresses from the Cc headers in the
+ copy of the message sent to the list. This helps keep the
+ Cc lines from growing astronomically.
+
+ o Bounce messages are now forwarded to the list administrators
+ both if they are unrecognized, and if no list member's
+ address could be extracted.
+
+ o Content filtering now has a filter_action variable which
+ controls what happens when a message matches the content
+ filter rules. The default is still to discard the message.
+
+ o When searching for an Approve/Approved header, the first
+ non-whitespace line of the body of the message is also
+ checked, if the body has a MIME type of text/plain.
+
+ o If a list is personalized, and the list's posting address is
+ not included in a Reply-To header, the posting address is
+ copied into a Cc header, otherwise there was no (easy) way a
+ recipient could reply back to the list.
+
+ o Added a MS Exchange bounce recognizer.
+
+ o New configuration variable news_moderation which allows the
+ mail->news gateway to properly post to moderated newsgroups.
+
+ o Messages sent to a list's owners now comes from the site
+ list to prevent mail loops when list owners or moderators
+ having bouncing addresses.
+
+ - Miscellaneous
+ o mailanctl prevents runaway restarts by imposing a maximum
+ restart value (defaulting to 10) for restarting the
+ qrunners. If you hit this limit, do "mailmanctl stop"
+ followed by "mailmanctl start".
+
+ o The Membership Management page's search feature now includes
+ searching on members real names.
+
+ o The start of a manual for list administrators is given in
+ Python HOWTO format (LaTeX). It's in doc/mailman-admin.tex
+ but it still needs lots of fleshing out.
+
+ o More protections against creating a list with an invalid name.
+
+2.1 beta 3 (09-Aug-2002)
+
+ The usual assortment of bug fixes and language updates.
+
+ - New languages: Dutch, Portuguese (Brazil)
+
+ - New configure script options: --with-mailhost, --with-urlhost,
+ --without-permcheck. See ./configure --help for details.
+
+ - The encoding of Subject: prefixes is controlled by a new list
+ option encode_ascii_prefixes. This is useful for languages with
+ character sets other than us-ascii. See the Languages admin
+ page for details.
+
+ - A new list option news_prefix_subject_too controls whether
+ postings gated from mail to news should have the subject prefix
+ added to their Subject: header.
+
+ - The algorithm for upgrading the moderation controls for a
+ Mailman 2.0.x list has changed. The change should be
+ transparent, but you'll want to double check the moderation
+ controls after upgrading from MM2.0.x. This should have no
+ effect for upgrades from a previous MM2.1 beta.
+
+ See the UPGRADING file for details.
+
+ - On the Mass Subscribe admin page, a text box has been added so
+ that the admin can add a custom message to be prepended to the
+ welcome/invite notification.
+
+ - On the admindb page, a link is included to more easily reload
+ the page.
+
+ - The Sendmail.py delivery module is sabotaged so that it can't be
+ used naively. You need to read the comments in the file and
+ edit the code to use this unsafe module.
+
+ - When a member sends a `help' command to the request address,
+ the url to their options page is included in the response.
+
+ - Autoresponses, -request command responses, and posting hold
+ notifications are inhibited for any message that has a
+ Precedence: {bulk|list|junk} header. This is to avoid mail
+ loops between email 'bots. If the original message has an
+ X-Ack: yes header, the response is sent.
+
+ Responses are also limited to a maximum number per day, as
+ defined in the site variable MAX_AUTORESPONSES_PER_DAY. This is
+ another guard against 'bot loops, and it defaults to 10.
+
+ - When a Reply-To: header is munged to include both the original
+ and the list address, the list address is always added last.
+
+ - The cron/mailpasswds script has grown a -l/--listname option.
+
+ - The cron/disabled script has grown options to send out
+ notifications for reasons other than bounce-disabled. It has
+ also grown a -f/--force option. See cron/disabled --help for
+ details.
+
+ - The bin/dumpdb script has grown a -n/--noprint option.
+
+ - An experimental new mechanism for processing incoming messages
+ has been added. If you can configure your MTA to do qmail-style
+ Maildir delivery, Mailman now has a MaildirRunner qrunner. This
+ may turn out to be much more efficient and scalable, but for
+ MM2.1, it will not be officially supported. See Defaults.py.in
+ and Mailman/Queue/MaildirRunner.py for details.
+
+2.1 beta 2 (05-May-2002)
+
+ Lots of bug fixing, and the following new features and changes:
+
+ - A "de-mime" content filter feature has been added. This
+ oft-requested feature allows you to specify MIME types that
+ Mailman should strip off of any messages before they're posted
+ to the list. You can also optionally convert text/html to
+ text/plain (by default, through lynx if it's available).
+
+ - Changes to the way the RFC 2919 and 2369 headers (i.e. the
+ List-*: headers) are added:
+ o List-Id: is always added
+ o List-Post:, List-Help:, List-Subscribe:,
+ List-Unsubscribe:, and List-Archive: are only added to
+ posting messages.
+ o X-List-Administrivia: is only added to messages Mailman
+ creates and sends out of its own accord.
+
+ Also, if the site administrator allows it, list owners can
+ suppress the addition of all the List-*: headers. List owners
+ can also separately suppress the List-Post: header for
+ announce-only lists.
+
+ - A new framework for email commands has been added. This allows
+ you to easily add, delete, or change the email commands that
+ Mailman understands, on a per-site, per-list, or even per-user
+ basis.
+
+ - Users can now change their digest delivery type from MIME to
+ plain text globally, for all lists they are subscribed to.
+
+ - No language select pulldowns are shown if the list only supports
+ one language.
+
+ - More mylist-admin eradication.
+
+ - Several performance improvements in the bounce qrunner, one of
+ which is to make it run only once per minute instead of once per
+ second.
+
+ - Korean language support as been added.
+
+ - Gatewaying from news -> mail uses its connections to the nntpd
+ more efficiently.
+
+ - In bin/add_members, -n/--non-digest-members-file command line
+ switch is deprecated in favor of -r/--regular-members-file.
+
+ - bin/sync_members grew a -g/--goodbye-msg switch.
+
+2.1 beta 1 (16-Mar-2002)
+
+ In addition to the usual bug fixes, performance improvements, and
+ GUI changes, here are the highlights:
+
+ - MIME and other message handling
+ o More robustness against badly MIME encapsulated messages: if
+ a MessageParseError is raised during the initial parse, the
+ message can either be discarded or saved in qfiles/bad,
+ depending on the value of the new configuration variable
+ QRUNNER_SAVE_BAD_MESSAGES.
+
+ o There is a new per-user option that can be used to avoid
+ receipt of extra copies, when a member of the list is also
+ explicitly CC'd.
+
+ o Always add an RFC 2822 Date: header if missing, since not
+ all MTAs insert one automatically.
+
+ o The Sender: and Errors-To: headers are no longer added to
+ outgoing messages.
+
+ o Headers and footers are always added by concatenation, if
+ the message is not MIME and if the list's charset is a
+ superset of us-ascii.
+
+ - List administration
+ o An `invitation' feature has been added. This is selectable
+ as a radio button on the mass subscribe page. When
+ selected, users are invited to join instead of immediately
+ joined, i.e. they get a confirmation message.
+
+ o You can now enable and disable list owner notifications for
+ disabled-due-to-bouncing and removal-due-to-bouncing
+ actions. The site config variables
+ DEFAULT_BOUNCE_NOTIFY_OWNER_ON_DISABLE and
+ DEFAULT_BOUNCE_NOTIFY_OWNER_ON_REMOVAL control the default
+ behavior.
+
+ o List owners can now decide whether they receive unrecognized
+ bounce messages or not (i.e. messages that the bounce
+ processor doesn't recognize). Site admins can set the
+ default value for this flag with the config variable
+ DEFAULT_BOUNCE_UNRECOGNIZED_GOES_TO_LIST_OWNER.
+
+ o The admindb summary page gives the option of clearing the
+ moderation flag of members who are on quarantined.
+
+ o The action to take when a moderated member posts to a list
+ is now configurable. The message can either be held,
+ rejected (bounced), or discarded. If the message is
+ rejected, a rejection notice string can be given.
+
+ o In the General admin page, you can now set the default value
+ for five per-user flags: concealing the user's email
+ address, acknowledging posts sent by the user, copy
+ suppression, not-me-too selection, and the default digest
+ type. Site admins can set the default bit field with the
+ new DEFAULT_NEW_MEMBER_OPTIONS variable.
+
+ o A new "Emergency brake" feature for turning on moderation of
+ all list postings. This is useful for when flamewars break
+ out, and the list needs a cooling off period. Messages
+ containing an Approved: header with the list owner password
+ are still allowed through, as are messages approved through
+ the admindb interface.
+
+ o When a moderated message is approved for the list, add an
+ X-Mailman-Approved-At: header which contains the timestamp
+ of the approval action (changed from X-Moderated: with a
+ different format).
+
+ o Lists can now be converted to using a less error prone
+ mechanism for variable substitution syntax in headers and
+ footers. Instead of %(var)s strings, you'd use $var
+ strings. You must use "bin/withlist -r convert" to enable
+ this.
+
+ o When moderating held messages, the header text box and the
+ message excerpt text box are now both read-only.
+
+ o You can't delete the site list through the web.
+
+ o When creating new lists through the web, you have the option
+ of setting the "default member moderation" flag.
+
+ - Security and privacy
+ o New feature: banned subscription addresses. Privacy
+ options/subscription rules now have an additional list box
+ which can contain addresses or regular expressions.
+ Subscription requests from any matching address are
+ automatically rejected.
+
+ o Membership tests which compare message headers against list
+ rosters are now more robust. They now check, by default
+ these header in order: From:, unixfrom, Reply-To:, Sender:.
+ If any match, then the membership test succeeds.
+
+ o ALLOW_SITE_ADMIN_COOKIES is a new configuration variable
+ which says whether to allow AuthSiteAdmin cookies or not.
+ Normally, when a list administrator logs into a list with
+ the site password, they are issued a cookie that only allows
+ them to do administration for this one list. By setting
+ ALLOW_SITE_ADMIN_COOKIES to 1, the user only needs to
+ authenticate to one list with the site password, and they
+ can administer any mailing list.
+
+ I'm not sure this feature is wise, so the default value for
+ ALLOW_SITE_ADMIN_COOKIES is 0.
+
+ o Marc MERLIN's new recipes for secure Linuxes have been
+ updated.
+
+ o DEFAULT_PRIVATE_ROSTER now defaults to 1.
+
+ o Passwords are no longer included in the confirmation pages.
+
+ - Internationalization
+ o With the approval of Tamito KAJIYAMA, the Japanese codecs
+ for Python are now included automatically, so you don't need
+ to download and install these separate. It is installed in
+ a Mailman-specific place so it won't affect your larger
+ Python installation.
+
+ o The configure script will produce a warning if the Chinese
+ codes are not installed. This is not a fatal error.
+
+ o Russian templates and catalogs have been added.
+
+ o Finnish templates and catalogs have been added.
+
+ - Scripts and utilities
+ o New program bin/unshunt to safely move shunted messages back
+ into the appropriate processing queue.
+
+ o New program bin/inject for sending a plaintext message into
+ the incoming queue from the command line.
+
+ o New cron script cron/disabled for periodically culling the
+ disabled membership.
+
+ o bin/list_members has grown some new command line switches
+ for filtering on different criteria (digest mode, disable
+ mode, etc.)
+
+ o bin/remove_members has grown the --fromall switch.
+
+ o You can now do a bin/rmlist -a to remove an archive even
+ after the list has been deleted.
+
+ o bin/update removes the $prefix/Mailman/pythonlib directory.
+
+ o bin/withlist grows a --all/-a flag so the --run/-r option
+ can be applied to all the mailing lists. Also, interactive
+ mode is now the default if -r isn't used. You don't need to
+ run this script as "python -i bin/withlist" anymore.
+
+ o There is a new script contrib/majordomo2mailman.pl which
+ should ease the transition from Majordomo to Mailman.
+
+ - MTA integration
+ o Postfix integration has been made much more robust, but now
+ you have to set POSTFIX_ALIAS_CMD and POSTFIX_MAP_CMD to
+ point to the postalias and postmap commands respectively.
+
+ o VERP-ish delivery has been made much more efficient by
+ eliminating extra disk copies of messages for each recipient
+ of a VERP delivery. It has also been made more robust in
+ the face of failures during chunk delivery. This required a
+ rewrite of SMTPDirect.py and one casualty of that rewrite
+ was the experimental threaded delivery. It is no longer
+ supported (but /might/ be resurrected if there's enough
+ demand -- or a contributed patch :).
+
+ o A new site config variable SMTP_MAX_SESSIONS_PER_CONNECTION
+ specifies how many consecutive SMTP sessions will be
+ conducted down the same socket connection. Some MTAs have a
+ limit on this.
+
+ o Support for VERP-ing confirmation messages. These are less
+ error prone since the Subject: header doesn't need to be
+ retained, and they allow a more user friendly (and i18n'd)
+ Subject: header. VERP_CONFIRM_FORMAT, VERP_CONFIRM_REGEXP,
+ and VERP_CONFIRMATIONS control this feature (only supported
+ for invitation confirmations currently, but will be expanded
+ to the other confirmations).
+
+ o Several new list-centric addresses have been added:
+ -subscribe and -unsubscribe are synonyms for -join and
+ -leave, respectively. Also -confirm has been added to
+ support VERP'd confirmations.
+
+ - Archiver
+ o There's now a default page for the Pipermail archive link
+ for when no messages have yet been posted to the list.
+
+ o Just the mere presence of an X-No-Archive: is enough to
+ inhibit archiving for this message; the value of the header
+ is now ignored.
+
+ - Configuring, building, installing
+ o Mailman now has a new favicon, donated by Terry Oda. Not
+ all web pages are linked to the favicon yet though.
+
+ o The add-on email package is now distributed and installed
+ automatically, so you don't need to do this. It is
+ installed in a Mailman-specific place so it won't affect
+ your larger Python installation.
+
+ o The default value of VERP_REGEXP has changed.
+
+ o New site configuration variables BADQUEUE_DIR and
+ QRUNNER_SAVE_BAD_MESSAGES which describe where to save
+ messages which are not properly MIME encoded.
+
+ o configure should be more POSIX-ly conformant.
+
+ o The Mailman/pythonlib directory has been removed, but a new
+ $prefix/pythonlib directory has been added.
+
+ o Regression tests are now installed.
+
+ o The second argument to add_virtual() calls in mm_cfg.py are
+ now optional.
+
+ o DEFAULT_FIRST_STRIP_REPLY_TO now defaults to 0.
+
+ o Site administrators can edit the Mailman/Site.py file to
+ customize some filesystem layout policies.
+
+
+2.1 alpha 4 (31-Dec-2001)
+
+ - The administrative requests database page (admindb) has been
+ redesigned for better usability when there are lots of held
+ postings. Changes include:
+ o A summary page which groups held messages by sender email
+ address. On this page you can dispose of all the sender's
+ messages in one action. You can also view the details of
+ all the sender's messages, or the details of a single
+ message. You can also add the sender to one of the list's
+ sender filters.
+
+ o A details page where you can view all messages, just those
+ for a particular sender, or just a single held message.
+ This details page is laid out the same as the old admindb
+ page.
+
+ o The instructions have been shorted on the summary and
+ details page, with links to more detailed explanations.
+
+ - Bounce processing
+ o Mailman now keeps track of the reason a member's delivery
+ has been disabled: explicitly by the administrator,
+ explicitly by the user, by the system due to excessive
+ bounces, or for (legacy) unknown reasons.
+
+ o A new bounce processing algorithm has been implemented (we
+ might actually understand this one ;). When an address
+ starts bouncing, the member gets a "bounce score". Hard
+ (fatal) bounces score 1.0, while soft (transient) bounces
+ score 0.5.
+
+ List administrators can specify a bounce threshold above
+ which a member gets disabled. They can also specify a time
+ interval after which, if no bounces are received from the
+ member, the member's bounce score is considered stale and is
+ thrown away.
+
+ o A new cron script, cron/disabled, periodically sends
+ notifications to members who are bounce disabled. After a
+ certain number of warnings the member is deleted from the
+ list. List administrators can control both the number of
+ notifications and the amount of time between notifications.
+
+ Notifications include a confirmation cookie that the member
+ can use to re-enable their subscription, via email or web.
+
+ o New configuration variables to support the bounce processing
+ are DEFAULT_BOUNCE_SCORE_THRESHOLD,
+ DEFAULT_BOUNCE_INFO_STALE_AFTER,
+ DEFAULT_BOUNCE_YOU_ARE_DISABLED_WARNINGS,
+ DEFAULT_BOUNCE_YOU_ARE_DISABLED_WARNINGS_INTERVAL.
+
+ - Privacy and security
+ o Sender filters can now be regular expressions. If a line
+ starts with ^ it is taken as a (raw string) regular
+ expression, otherwise it is a literal email address.
+
+ o Fixes in 2.0.8 ported forward: prevent cross-site scripting
+ exploits.
+
+ - Mail delivery
+ o Aliases have all been changed so that there's more
+ consistency between the alias a message gets delivered to,
+ and the script & queue runner that handles the message.
+
+ I've also renamed the mail wrapper script to `mailman' from
+ `wrapper' to avoid collisions with other MLM's. You /will/
+ need to regenerate your alias files with bin/genaliases, and
+ you may need to update your smrsh (Sendmail) configs.a
+
+ Bounces always go to listname-bounces now, since
+ administration has been separated from bounce processing.
+ listname-admin is obsolete.
+
+ o VERP support! This greatly improves the accuracy of bounce
+ detection. Configuration variables which control this feature
+ include VERP_DELIVERY_INTERVAL, VERP_PERSONALIZED_DELIVERIES,
+ VERP_PASSWORD_REMINDERS, VERP_REGEXP, and VERP_FORMAT. The
+ latter two must be tuned to your MTA.
+
+ o A new alias mailman-loop@dom.ain is added which directs all
+ output to the file $prefix/data/owner-bounces.mbox. This is
+ used when sending messages to the site list owners, as the
+ final fallback for bouncing messages.
+
+ o New configuration variable POSTFIX_STYLE_VIRTUAL_DOMAINS
+ which should be set if you are using the Postfix MTA and
+ want Mailman to play nice with Postfix-style virtual
+ domains.
+
+ - Miscellaneous
+ o Better interoperability with Python 2.2.
+
+ o MailList objects now record the date (in seconds since
+ epoch) that they were created. This is in a hidden
+ attribute `created_at'.
+
+ o bin/qrunner grows a -s/--subproc switch which is usually
+ used only when it's started from mailmanctl.
+
+ o bin/newlist grows a -l/--language option so that the list's
+ preferred language can be set from the command line.
+
+ o cron changes: admin reminders go out at 8am local time instead
+ of 10pm local time.
+
+ - Pipermail archiver
+ o MIME attachments are scrubbed out into separate files which
+ can be viewed by following a link in the original article.
+ Article contains an indication of the size of the
+ attachment, its type, and other useful information.
+
+ o New script bin/cleanarch which can be used to `clean' an
+ .mbox archive file by fixing unescaped embedded Unix From_
+ lines.
+
+ o New configuration variable ARCHIVE_SCRUBBER in
+ Defaults.py.in which names the module that Pipermail should
+ use to scrub articles of MIME attachments.
+
+ o New configuration variable ARCHIVE_HTML_SANITIZER which
+ describes how the scrubber should handle text/html
+ attachments.
+
+ o PUBLIC_ARCHIVE_URL has change its semantics. It is now an
+ absolute url, with the hostname and listname parts
+ interpolated into it on a per-list basis.
+
+ o Pipermail should now provide the proper character set in the
+ Content-Type: header for archived articles.
+
+ - Internationalization
+ o Czech translations by Dan Ohnesorg.
+
+ o The Hungarian charset has be fixed to be iso-8859-2.
+
+ o The member options login page now has a language selection
+ widget.
+
+ - Building, configuration
+ o email-0.96 package is required (see the misc directory).
+
+ o New recipes for integrating Mailman and Sendmail,
+ contributed by David Champion.
+
+
+2.1 alpha 3 (22-Oct-2001)
+
+ - Realname support
+ o Mailman now tracks a member's Real Name in addition to their
+ email address.
+
+ o List members can now supply their Real Names when
+ subscribing via the web. Their Real Names are parsed from
+ any thru-email subscriptions.
+
+ o Members can change their Real Names on their options page,
+ and admins can change members' Real Names on the membership
+ pages. Mass subscribing accepts "email@dom.ain (Real Name)"
+ and "Real Name <email@dom.ain>" entries, for both
+ in-text-box and file-upload mass subscriptions.
+
+ - Filtering and Privacy
+ o Reply-To: munging has been enhanced to allow a wider range
+ of list policies. You can now pre-strip any Reply-To:
+ headers before adding list-specific ones (i.e. you can
+ override or extend existing Reply-To: headers). If
+ stripping, the old headers are no longer saved on
+ X-Reply-To:
+
+ o New sender moderation rules. The old `posters',
+ `member_only_posting', `moderated' and `forbidden_posters'
+ options have been removed in favor of a new moderation
+ scheme. Each member has a personal moderation bit, and
+ non-member postings can be automatically accepted, held for
+ approval, rejected (bounced) or discarded.
+
+ o When membership rosters are private, responses to
+ subscription (and other) requests are made more generic so
+ that these processes can't be covertly mined for hidden
+ addresses. If a subscription request comes in for a user
+ who is already subscribed, the user is notified of potential
+ membership mining.
+
+ o When a held message is approved via the admindb page, an
+ X-Moderated: header is added to the message.
+
+ o List admins can now set an unsubscribe policy which requires
+ them to approve of member unsubscriptions.
+
+ - Web U/I
+ o All web confirmations now require a two-click procedure,
+ where the first click gives them a page that allows them to
+ confirm or cancel their subscription. It is bad form for an
+ email click (HTTP GET) to have side effects.
+
+ o Lots of improvements for clarity.
+
+ o The Privacy category has grown three subcategories.
+
+ o The General options page as a number of subsection headers.
+
+ o The Passwords and Languages categories are now on separate
+ admin pages.
+
+ o The admin subcategories are now formated as two columns in
+ the top and bottom legends.
+
+ o When creating a list through the web, you can now specify
+ the initial list of supported languages.
+
+ o The U/I for unsubscribing a member on the admin's membership
+ page should be more intuitive now.
+
+ o There is now a separate configuration option for whether the
+ goodbye_msg is sent when a member is unsubscribed.
+
+ - Performance
+ o misc/mailman is a Unix init script, appropriate for
+ /etc/init.d, and containing chkconfig hooks for systems that
+ support it.
+
+ o bin/mailmanctl has been rewritten; the `restart' command
+ actually works now. It now also accepts -s, -q, and -u
+ options.
+
+ o bin/qrunner has been rewritten too; it can serve the role of
+ the old cron/qrunner script for those who want classic
+ cron-invoked mail delivery.
+
+ o Internally, messages are now stored in the qfiles directory
+ primarily as pickles. List configuration databases are now
+ stored as pickles too (i.e. config.pck). bin/dumpdb knows
+ how to display both pickles and marshals.
+
+ - Mail delivery
+ o If a user's message is held for approval, they are sent a
+ notification message containing a confirmation cookie. They
+ can use this confirmation cookie to cancel their own
+ postings (if they haven't already been approved).
+
+ o When held messages are forwarded to an explicit address
+ using the admindb page, it is done so in a message/rfc822
+ encapsulation.
+
+ o When a message is first held for approval, the notification
+ sent to the list admin is a 3-part multipart/mixed. The
+ first part holds the notification message, the second part
+ hold the original message, and the third part hold a cookie
+ confirmation message, to which the admin can respond to
+ approve or discard the message via email.
+
+ o In the mail->news gateway, you can define mail headers that
+ must be modified or deleted before the message can be posted
+ to the nntp server.
+
+ o The list admin can send an immediate urgent message to the
+ entire list membership, bypassing digest delivery. This is
+ done by adding an Urgent: header with the list password.
+ Urgent messages with an invalid password are rejected.
+
+ o Lists can now optionally personalize email messages, if the
+ site admin allows it. Personalized messages mean that the
+ To: header includes the recipient's address instead of the
+ list's address, and header and footer messages can contain
+ user-specific information. Note that only regular
+ deliveries can currently be personalized.
+
+ o Message that come from Usenet but that have broken MIME
+ boundaries are ignored.
+
+ o If the site administrator agrees, list owners have the
+ ability to disable RFC 2369 List-* headers.
+
+ o There is now an API for an external process to post a
+ message to a list. This posting process can also specify an
+ explicit list of recipients, in effect turning the mailing
+ list into a "virtual list" with a fluid membership. See
+ Mailman/Post.py for details.
+
+ - Building/testing/configuration
+ o mimelib is no longer required, but you must install the
+ email package (see the tarball in the misc directory).
+
+ o An (as yet) incomplete test suite has been added. Don't try
+ running it in a production environment!
+
+ o Better virtual host support by adding a mapping from the
+ host name given in cgi's HTTP_HOST/SERVER_NAME variable to
+ the email host used in list addresses. (E.g. www.python.org
+ maps to @python.org).
+
+ o Specifying urls to external public archivers is more
+ flexible.
+
+ o The filters/ subdirectory has been removed.
+
+ o There is now a `site list' which is a mailing list that must
+ be created first, and from which all password reminders
+ appear to come from. It is recommended that this list be
+ called "mailman@your.site".
+
+ o bin/move_list is no longer necessary (see the FAQ for
+ detailed instructions on renaming a list).
+
+ o A new script bin/fix_url.py can be used with bin/withlist to
+ change a list's web_page_url configuration variable (since
+ it is no longer modifiable through the web).
+
+ - Internationalization
+ o Support for German, Hungarian, Italian, Japanese, and
+ Norwegian have been added.
+
+ - Miscellaneous
+ o Lots of new bounce detectors. Bounce detectors can now
+ discard temporary bounce messages by returning a special
+ Stop value.
+
+ o bin/withlist now sports a -q/--quiet flag.
+
+ o bin/add_members has a new -a/--admin-notify flag which can
+ be used to inhibit list owner notification for each
+ subscription.
+
+ - Membership Adaptors
+ o Internally, mailing list memberships are accessed through a
+ MemberAdaptor interface. This would allow for integrating
+ membership databases with external sources (e.g. Zope or
+ LDAP), although the only MemberAdaptor currently implemented
+ is a "classic" adaptor which stores the membership
+ information on the MailList object.
+
+ o There's a new pipeline handler module called FileRecips.py
+ which could be used to get all regular delivery mailing list
+ recipients from a Sendmail-style :include: file (see List
+ Extensibility bullet below).
+
+ This work was sponsored by Control.com
+
+ - List Extensibility
+ o A framework has been added which can be used to specialize
+ and extend specific mailing lists. If there is a file
+ called lists/<yourlist>/extend.py, it is execfile()'d after
+ the MailList object is instantiated. The file should
+ contain a function extend() which will be called with the
+ MailList instance. This function can do all sorts of deep
+ things, like modify the handler pipeline just for this list,
+ or even strip out particular admin GUI elements (see below).
+
+ o All the admin page GUI elements are now separate
+ components. This provides greater flexibility for list
+ customization. Also, each GUI element will be given an
+ opportunity to handle admin CGI form data.
+
+ This work was sponsored by Control.com
+
+ - Topic Filters
+ o A new feature has been added called "Topic Filters". A list
+ administrator can create topics, which are essentially
+ regular expression matches against Subject: and Keyword:
+ headers (including such pseudo-headers if they appear in the
+ first few lines of the body of a message).
+
+ List members can then `subscribe' to various topics, which
+ allows them to filter out any messages that don't match a
+ topic, or to filter out any message that does match a
+ topic. This can be useful for high volume lists where not
+ everyone will be interested in every message.
+
+ This work was sponsored by Control.com
+
+2.1 alpha 2 (11-Jul-2001)
+
+ - Building
+ o mimelib 0.4 is now required. Get it from
+ http://mimelib.sf.net. If you've installed an earlier
+ version of mimelib, you must upgrade.
+
+ o /usr/local/mailman is now the default installation
+ directory. Use configure's --prefix switch to change it
+ back to the default (/home/mailman) or any other
+ installation directory of your choice.
+
+ - Security
+ o Better definition of authentication domains. The following
+ roles have been defined: user, list-admin, list-moderator,
+ creator, site-admin.
+
+ o There is now a separate role of "list moderator", which has
+ access to the pending requests (admindb) page, but not the
+ list configuration pages.
+
+ o Subscription confirmations can now be performed via email or
+ via URL. When a subscription is received, a unique (sha)
+ confirm URL is generated in the confirmation message.
+ Simply visiting this URL completes the subscription process.
+
+ o In a similar manner, removal requests (via web or email
+ command) no longer require the password. If the correct
+ password is given, the removal is performed immediately. If
+ no password is given, then a confirmation message is
+ generated.
+
+ - Internationalization
+ o More I18N patches. The basic infrastructure should now be
+ working correctly. Spanish templates and catalogs are
+ included, and English, French, Hungarian, and Big5 templates
+ are included.
+
+ o Cascading specializations and internationalization of
+ templates. Templates are now search for in the following
+ order: list-specific location, domain-specific location,
+ site-wide location, global defaults. Each search location
+ is further qualified by the language being displayed. This
+ means that you only need to change the templates that are
+ different from the global defaults.
+
+ Templates renamed: admlogin.txt => admlogin.html
+ Templates added: private.html
+
+ - Web UI
+ o Redesigned the user options page. It now sits behind an
+ authentication so user options cannot be viewed without the
+ proper password. The other advantage is that the user's
+ password need not be entered on the options page to
+ unsubscribe or change option values. The login screen also
+ provides for password mail-back, and unsubscription w/
+ confirmation.
+
+ Other new features accessible from the user options page
+ include: ability to change email address (with confirmation)
+ both per-list and globally for all list on virtual domain;
+ global membership password changing; global mail delivery
+ disable/enable; ability to suppress password reminders both
+ per-list and globally; logout button.
+
+ [Note: the handle_opts cgi has gone away]
+
+ o Color schemes for non-template based web pages can be defined
+ via mm_cfg.
+
+ o Redesign of the membership management page. The page is now
+ split into three subcategories (Membership List, Mass
+ Subscription, and Mass Removal). The Membership List
+ subcategory now supports searching for member addresses by
+ regular expression, and if necessary, it groups member
+ addresses first alphabetically, and then by chunks.
+
+ Mass Subscription and Mass Removal now support file upload,
+ with one address per line.
+
+ o Hyperlinks from the logos in the footers have been removed.
+ The sponsors got too much "unsubscribe me!" spam from
+ desperate user of Mailman at other sites.
+
+ o New buttons on the digest admin page to send a digest
+ immediately (if it's non-empty), to start a new digest
+ volume with the next digest, and to select the interval with
+ which to automatically start a new digest volume (yearly,
+ monthly, quarterly, weekly, daily).
+
+ DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration
+ variable, initially set to give a new digest volume monthly.
+
+ o Through-the-web list creation and removal, using a separate
+ site-wide authentication role called the "list creator and
+ destroyer" or simply "list creator". If the configuration
+ variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by
+ default, it's 0), then list admins can delete their own
+ lists.
+
+ This feature requires an adaptor for the particular MTA
+ you're using. An adaptor for Postfix is included, as is a
+ dumb adaptor that just emails mailman@yoursite with the
+ necessary Sendmail style /etc/alias file changes. Some MTAs
+ like Exim can be configured to automatically recognize new
+ lists. The adaptor is selected via the MTA option in
+ mm_cfg.py
+
+ - Email UI
+ o In email commands, "join" is a synonym for
+ "subscribe". "remove" and "leave" are synonyms for
+ "unsubscribe". New robot addresses are support to make
+ subscribing and unsubscribing much easier:
+
+ mylist-join@mysite
+ mylist-leave@mysite
+
+ o Confirmation messages have a shortened Subject: header,
+ containing just the word "confirm" and the confirmation
+ cookie. This should help for MUAs that like to wrap long
+ Subject: lines, messing up confirmation.
+
+ o Mailman now recognizes an Urgent: header, which, if it
+ contains the list moderator or list administrator password,
+ forces the message to be delivered immediately to all
+ members (i.e. both regular and digest members). The message
+ is also placed in the digest. If the password is incorrect,
+ the message will be bounced back to the sender.
+
+ - Performance
+ o Refinements to the new qrunner subsystem which preserves
+ FIFO order of messages.
+
+ o The qrunner is no longer started from cron. It is started
+ by a Un*x init-style script called bin/mailmanctl (see
+ below). cron/qrunner has been removed.
+
+ - Command line scripts
+ o bin/mailmanctl script added, which is used to start, stop,
+ and restart the qrunner daemon.
+
+ o bin/qrunner script added which allows a single sub-qrunner
+ to run once through its processing loop.
+
+ o bin/change_pw script added (eases mass changing of list
+ passwords).
+
+ o bin/update grows a -f switch to force an update.
+
+ o bin/newlang renamed to bin/addlang; bin/rmlang removed.
+
+ o bin/mmsitepass has grown a -c option to set the list
+ creator's password. The site-wide `create' web page is
+ linked to from the admin overview page.
+
+ o bin/newlist's -o option is removed. This script also grows
+ a way of spelling the creation of a list in a specific
+ virtual domain.
+
+ o The `auto' script has been removed.
+
+ o bin/dumpdb has grown -m/--marshal and -p/--pickle options.
+
+ o bin/list_admins can be used to print the owners of a mailing list.
+
+ o bin/genaliases regenerates from scratch the aliases and
+ aliases.db file for the Postfix MTA.
+
+ - Archiver
+ o New archiver date clobbering option, which allows dates to
+ only be clobber if they are outrageously out-of-date
+ (default setting is 15 days on either side of received
+ timestamp). New configuration variables:
+
+ ARCHIVER_CLOBBER_DATE_POLICY
+ ARCHIVER_ALLOWABLE_SANE_DATE_SKEW
+
+ The archived copy of messages grows an X-List-Received-Date:
+ header indicating the time the message was received by
+ Mailman.
+
+ o PRIVATE_ARCHIVE_URL configuration variable is removed (this
+ can be calculated on the fly, and removing it actually makes
+ site configuration easier).
+
+ - Miscellaneous
+ o Several new README's have been added.
+
+ o Most syslog entries for the qrunner have been redirected to
+ logs/error.
+
+ o On SIGHUP, qrunner will re-open all its log files and
+ restart all child processes. See "bin/mailmanctl restart".
+
+ - Patches and bug fixes
+ o SF patches and bug fixes applied: 420396, 424389, 227694,
+ 426002, 401372 (partial), 401452.
+
+ o Fixes in 2.0.5 ported forward:
+ Fix a lock stagnation problem that can result when the
+ user hits the `stop' button on their browser during a
+ write operation that can take a long time (e.g. hitting
+ the membership management admin page).
+
+ o Fixes in 2.0.4 ported forward:
+ Python 2.1 compatibility release. There were a few
+ questionable constructs and uses of deprecated modules
+ that caused annoying warnings when used with Python 2.1.
+ This release quiets those warnings.
+
+ o Fixes in 2.0.3 ported forward:
+ Bug fix release. There was a small typo in 2.0.2 in
+ ListAdmin.py for approving an already subscribed member
+ (thanks Thomas!). Also, an update to the OpenWall
+ security workaround (contrib/securelinux_fix.py) was
+ included. Thanks to Marc Merlin.
+
+2.1 alpha 1 (04-Mar-2001)
+
+ - Python 2.0 or newer required. Also required is `mimelib' a new
+ library for handling MIME documents. This will be bundled in
+ future releases, but for now, you must download and install it
+ (using Python's distutils) from
+
+ http://barry.wooz.org/software/Code/mimelib-0.2.tar.gz
+
+ You need mimelib 0.2 or better.
+
+ - Redesigned qrunner subsystem. Now there are multiple message
+ queues, and considerable flexibility in file formats for
+ integration with external systems. The current crop of queues
+ include:
+
+ archive -- for posting messages to an archiver
+ commands -- for incoming email commands and bounces
+ in -- for list-destined incoming email
+ news -- for messages outgoing to a nntp server
+ out -- for messages outgoing to a smtp server
+ shunt -- for messages that trigger unexpected exceptions in Mailman
+ virgin -- for messages that are generated by Mailman
+
+ cron/qrunner is now a long running script that forks off
+ sub-runners for each of the above queues. qrunner still plays
+ nice with cron, but it is expected to be started by init at some
+ point in the future. Some support exists for parallel
+ processing of messages in the queues.
+
+ - Support for internationalization support merged in. Original
+ work done by Juan Carlos Rey Anaya and Victoriano Giralt. I've
+ tested about 90% of the web side, 50% of the email, and 50% of
+ the command line / cron scripts.
+
+ New scripts: bin/newlang, bin/rmlang
+
+ - New delivery script `auto' for automatic integration with the
+ Postfix MTA.
+
+ - A bunch of new bounce detectors.
+
+ Changes ported from Mailman 2.0.2 and 2.0.1:
+
+ - A fix for a potential privacy exploit where a clever list
+ administrator could gain access to user passwords. This doesn't
+ allow them to do much more harm to the user then they normally
+ could, but they still shouldn't have access to the passwords.
+
+ - In the admindb page, don't complain when approving a
+ subscription of someone who's already on the list (SF bug
+ #222409 - Thomas Wouters).
+
+ Also, quote for HTML the Subject: text printed for held
+ messages, otherwise messages with e.g. "Subject: </table>" could
+ royally screw page formatting.
+
+ - Docstring fix bin/newlist to remove mention of "immediate"
+ argument (Thomas Wouters).
+
+ - Fix for bin/update when PREFIX != VAR_PREFIX (SF bug #229794 --
+ Thomas Wouters).
+
+ - Bug fix release, namely fixes a buglet in bin/withlist affecting
+ the -l and -r flags; also a problem that can cause qrunner to
+ stop processing mail after disk-full events (SourceForge bug
+ 127199).
+
+2.0 final (21-Nov-2000)
+
+ No changes from rc3.
+
+2.0 release candidate 3 (16-Nov-2000)
+
+ - By popular demand, Reply-To: munging policy is now to always
+ override any Reply-To: header in the original message, if
+ reply_goes_to_list is set to "This list" or "Explicit Address"
+
+ - bin/newlist given -q/--quiet flag instead of the <immediate>
+ positional argument
+
+ - Hopefully last fix to DEFAULT_URL not ending in a slash
+ sensitivity
+
+ - 2.0rc2 buglets fixed:
+ o newlist argument parsing
+ o updating with unlocked lists
+ o HyperArch.py traceback when there's no
+ Content-Transfer-Encoding: header
+
+ - SourceForge bugs fixed:
+ 122358 (qmail-to-mailman.py listname case folding)
+
+ - SourceForge patches applied:
+ 102373 (qmail-to-mailman.py listname case folding)
+
+2.0 release candidate 2 (10-Nov-2000)
+
+ - Documentation updates: start in the doc/ directory.
+
+ - bin/withlist accepts additional command line arguments when used
+ with the --run flag; bin/mmsitepass and bin/newlist accept
+ -h/--help flags
+
+ - bin/newlist has a -o/--output flag to append /etc/aliases
+ suggestions to a specified file
+
+ - SourceForge bugs fixed:
+ 116615 (README.BSD update), 117015 (duplicate messages on
+ moderated posts), 117548 (exception in HyperArch.py), 117682
+ (typos), 121185 (vsnprintf signature), 121591 and 122017
+ (bogus link after web unsubscribe), 121811 (`subscribe' in
+ Subject: doesn't get archived)
+
+ - SourceForge patches applied:
+ 101812 (securelinux_fix.py contrib), 102097 (fix for bug
+ 117548), 102211 (additional args for withlist), 102268 (case
+ insensitive Content-Transfer-Encoding:)
+
+2.0 release candidate 1 (23-Oct-2000)
+
+ - Bug fixes and security patches.
+
+ - Better html rendition of articles in non us-ascii charsets
+ (Jeremy Hylton). See VERBATIM_ENCODING variable in
+ Defaults.py.in for customization.
+
+2.0 beta 6 (22-Sep-2000)
+
+ - Building
+ o Tested with Python 1.5.2, Python 1.6, and Python 2.0 beta 1.
+ Conducted on RH Linux 6.1 only, but should work
+ cross-platform.
+
+ o Configure now accepts --with-username, --with-groupname,
+ --with-var-prefix flags. See `configure --help' or the
+ INSTALL file for details.
+
+ o Setting the CFLAGS environment variable before invoking
+ configure now works.
+
+ o The icons are now copied into $prefix/icons at install time.
+ Patch by David Champion.
+
+ - Standards
+ o Compliance with RFC 2369 (List-*: headers). Patch by
+ Darrell Fuhriman. List-ID: header is kept for historical
+ reasons.
+
+ o Fixes by Jeremy Hylton to Pipermail in support of non-ASCII
+ charsets, based on the Content-Type: and encoded-words in
+ the original message. Mail headers are now decoded as per
+ RFC 2047.
+
+ o Many more bounce formats are detected: Microsoft's SMTPSVC,
+ Compuserve, GroupWise, SMTP32, and the more generic
+ SimpleMatch (which catches lots of similar but slightly
+ different formats).
+
+ - Defaults
+ o Email addresses can now be obscured in Pipermail archives by
+ setting mm_cfg.ARCHIVER_OBSCURES_EMAILADDRS to 1 (obscuring
+ is turned off by default). Patch provided by Chris Snell.
+
+ o The default NNTP host can now be set by editing
+ mm_cfg.DEFAULT_NNTP_HOST. Patch by David Champion.
+
+ o The default archiving mode (public/private) can now be set
+ by editing mm_cfg.DEFAULT_ARCHIVE. Patch by Ted Cabeen.
+
+ - Web UI
+ o The variable details pages in the administrators interface
+ is now `live', i.e. there's a submit button on the details
+ page.
+
+ o A link to the administrative interface is placed in the
+ footer of the general user pages (authentication still
+ required, of course!)
+
+ o The user options change results page has a link back to the
+ user's main page.
+
+ o In the admindb page (for dealing with held postings), the
+ default forward address is now listname-owner instead of
+ listname-admin. This avoids bounce detection on the
+ forwarded message.
+
+ - Miscellaneous
+ o Fixed config.db corruption problem when disk-full errors are
+ encountered.
+
+ o Command line scripts accept list names case-insensitively.
+
+ o bin/remove_members takes a -a flag to remove all members of
+ a list in one fell swoop.
+
+ o List admin passwords must be non-empty.
+
+ o Mailman generated passwords are slightly more mnemonic, and
+ shouldn't have confusing character selections (i.e. `i'
+ only, but no `1' or `l').
+
+ o Crossposting to two gated mailing lists should be fixed.
+
+ o Many other bug fixes and minor web UI improvements.
+
+2.0 beta 5 (01-Aug-2000)
+
+ - Bug fix release. This includes a fix for a small security hole
+ which could be exploited to gain mailman group access by a local
+ user (not a mail or web user).
+
+ - As part of the fix for the "cookie reauthorization" bug, only
+ session cookies are used now. This means that administrative
+ and private archive cookies expire only when the browser session
+ is quit, however an explicit "Logout" button has been added.
+
+2.0 beta 4 (06-Jul-2000)
+
+ - Bug fix release.
+
+2.0 beta 3 (29-Jun-2000)
+
+ - Delivery mechanism (qrunner) refined to support immediate
+ queuing, queuing directly from MTA, and queuing on any error
+ along the delivery pipeline. This means 1) that huge lists
+ can't time out the MTA's program delivery channel; 2) it is much
+ harder to completely lose messages; 3) eventually, qrunner will
+ be elaborated to meter delivery to the MTA so as not to swamp
+ it. The tradeoff is in more disk I/O since every message coming
+ into the system (and most that are generated by the system) live
+ on disk for some part of their journey through Mailman.
+
+ For now, see the Default.py variables QRUNNER_PROCESS_LIFETIME
+ and QRUNNER_MAX_MESSAGES for primitive resource management.
+
+ The API to the pipeline handler modules has changed. See
+ Mailman/Handlers/HandlerAPI.py for details.
+
+ - Revamped admindb web page: held messages are split into headers
+ and bodies so they are easier to vette; admins can now also
+ preserve a held message (for spam evidence gathering) or forward
+ the message to a specified email address; disposition of held
+ messages can be deferred; held messages have a more context
+ meaningful default rejection message.
+
+ - Change to the semantics for `acceptable_aliases' list
+ configuration variable, based on suggestions by Harald Meland.
+
+ - New mm_cfg.py variables NNTP_USERNAME and NNTP_PASSWORD can be
+ set on a site-wide basis if connection to your nntpd requires
+ authentication.
+
+ - The list attribute `num_spawns' has been removed. The mm_cfg.py
+ variables MAX_SPAWNS, and DEFAULT_NUM_SPAWNS removed too.
+
+ - LIST_LOCK_LIFETIME cranked to 5 hours and LIST_LOCK_TIMEOUT
+ shortened to 10 seconds. QRUNNER_LOCK_LIFETIME cranked up to 10
+ hours. This should decrease the changes for bogus and harmful
+ lock breaking.
+
+ - Resent-to: is now one of the headers checked for explicit
+ destinations.
+
+ - Tons more bounce formats are recognized. The API to the bounce
+ modules has changed.
+
+ - A rewritten LockFile module which should fix most (hopefully all)
+ bugs in the locking machinery. Many improvements suggested by
+ Thomas Wouters and Harald Meland.
+
+ - Experimental support (disabled by default) for delivering SMTP
+ chunks to the MTA via multiple threads. Your Python executable
+ must have been compiled with thread support enabled, and you
+ must set MAX_DELIVERY_THREADS in mm_cfg.py. Note that this may
+ not improve your overall system performance.
+
+ - Some changes and additions to scripts: bin/find_member now
+ supports a -w/--owner flag to match regexps against mailing list
+ owners; bin/find_member now supports multiple regexps;
+ cron/gate_news command line option changes; new script
+ bin/dumbdb for debugging purposes; bin/clone_member can now also
+ remove the old address and change change the list owner
+ addresses.
+
+ - The News/Mail gateway admin page has a button that lets you do
+ an explicit catchup of the newsgroup.
+
+ - The CVS repository has been moved out to SourceForge. For more
+ information, see the project summary at
+
+ http://sourceforge.net/project/?group_id=103
+
+ - Lots 'o bug fixes and some performance improvements.
+
+2.0 beta 2 (07-Apr-2000)
+
+ - Rewritten gate_news cron script which should be more efficient
+ and avoid race and locking problems. Each list now maintains
+ its own watermark, and when you use the admin CGI script to turn
+ on gating from Usenet->mail, an automatic mass catch up is done
+ to avoid flooding the mailing list. cron/gate_news's command
+ line interface has also changed. See its docstring for
+ details.
+
+ - A new cron script called qrunner has been added to retry message
+ deliveries that fail because of temporary smtpd problems.
+
+ - New command line script called bin/list_lists which does exactly
+ that: lists all the mailing lists on the system (much like the
+ listinfo CGI does).
+
+ - bin/withlist is now directly executable, however if you want to
+ use python -i, you must still explicitly invoke it.
+ bin/withlist also now cleans up after itself by unlocking any
+ locked lists. It does NOT save any dirty lists though - you
+ must do this explicitly.
+
+ - $prefix permissions (and all subdirs) must now be 02775.
+ bin/check_perms has been updated to fix all the subdir
+ permissions.
+
+ - "make update" (a.k.a. bin/update) is run automatically when you
+ do a "make install"
+
+ - The CGI driver script now puts information about the Python
+ environment into the logs/error file (but not the diagnostic web
+ page).
+
+ - Bug fixes and some performance improvements
+
+2.0 beta 1 (19-Mar-2000)
+
+ - Python 1.5.2 (or newer) is now required.
+
+ - A new bundled auto-responder has been added. You can now
+ configure an autoresponse text for each list's primary
+ addresses:
+
+ listname@yourhost.com -- the general posting address
+ listname-request@... -- the automated "request bot" address
+ listname-admin@... -- the human administrator address
+
+ - The standard UI now includes three logos at the bottom of the
+ page: Dragon's Mailman logo, the Python Powered logo, and the
+ GNU logo. All point to their respective home pages.
+
+ - It is now possible to set the Reply-To: field on lists to an
+ arbitrary address. NOTE: Reply-To: munging is generally
+ considered harmful! However for some read-only lists, it is
+ useful to direct replies to a parallel discussion list.
+
+ - There is a new message delivery architecture which uses a
+ pipeline processor for incoming and internally generated
+ messages. Mailman no longer contains a bundled bulk-mailer;
+ instead message delivery is handled completely by the MTA. Most
+ MTAs give a high enough priority to connections from the
+ localhost that mail will not be lost because of system load, but
+ this is not guaranteed (or handled) by Mailman currently. Be
+ careful also if your smtpd is on a different host than the
+ Mailman host. In practice, mail lossage has not be observed.
+
+ For this reason cron/run_queue is no longer needed (see the
+ UPGRADING file for details).
+
+ Also, you can choose whether you want direct smtp delivery, or
+ delivery via the command line to a sendmail-compatible daemon.
+ You can also easily add your own delivery module. See
+ Mailman/Defaults.py for details.
+
+ - A similar pipeline architecture for the parsing of bounce
+ messages has been added. Most common bounce formats are now
+ handled, including Qmail, Postfix, and DSN. It is now much
+ easier to add new bounce detectors.
+
+ - The approval pending architecture has also been revamped.
+ Subscription requests and message posts waiting for admin
+ approval are no longer kept in the config.db file, but in a
+ separate requests.db file instead.
+
+ - Finally made consistent the use of Sender:/From:/From_ in the
+ matching of headers for such things as member-post-only. Now,
+ if USE_ENVELOPE_SENDER is true, Sender: will always be chosen
+ over From:, however the default has been changed to
+ USE_ENVELOPE_SENDER false so that From: is always chosen over
+ Sender:. In both cases, if no header is found, From_ (i.e. the
+ envelope sender is used). Note that the variable is now
+ misnamed! Most people want From: matching anyway and any are
+ easily spoofable.
+
+ - New scripts bin/move_list, bin/config_list
+
+ - cron/upvolumes_yearly, cron/upvolumes_monthly, cron/archive,
+ cron/run_queue all removed. Edit your crontab if you used these
+ scripts. Other scripts removed: contact_transport, deliver,
+ dumb_deliver.
+
+ - Several web UI improvements, especially in the admin page.
+
+ - Remove X-pmrqc: headers to prevent return reciepts for Pegasus
+ mail users.
+
+ - Security patch when using external archivers.
+
+ - Honor "X-Archive: No" header by not putting this message in the
+ archive.
+
+ - Changes to the log file format.
+
+ - The usual bug fixes.
+
+1.1 (05-Nov-1999)
+
+ - All GIFs removed. See http://www.gnu.org/philosophy/gif.html
+ for the reason why.
+
+ - Improvements to the Pipermail archiver which make things faster.
+ Primary change is that the .txt files are not gzipped on every
+ posted message. Instead, use the new cron script `nightly_gzip'
+ to gzip the .txt file in batches (this means that the .txt file
+ will lag behind the on-line archives a little).
+
+ - From the C drivers programs, Python is invoked with the -S
+ option. This tells Python to avoid importing the site module,
+ which can improve start up time of the Python process
+ considerably. Note that the command line script invocation has
+ not been changed.
+
+ - New configuration variables PUBLIC_EXTERNAL_ARCHIVER and
+ PRIVATE_EXTERNAL_ARCHIVER which can contain a shell command
+ string for os.popen(). This can be used to invoke an external
+ archiver instead of the bundled Pipermail archiver. See
+ Defaults.py for details.
+
+ - new script `bin/find_member' which can be used to search for a
+ member by regular expression.
+
+ - More child processes are reaped, which should eliminate most
+ occurrences of zombie processes.
+
+ - A few small miscellaneous bug fixes (including PR#99, PR#107)
+ and improvements to the file locking algorithms.
+
+1.0 (30-Jul-1999)
+
+ - Configure script now allows $PREFIX (by default /home/mailman)
+ to be permissions 02755. Also, configure now tests for
+ vsnprintf()
+
+ - Workaround, taken from GNU screen, for systems missing
+ vsnprintf()
+
+ - Return-Receipt-To: and Disposition-Notification-To: headers are
+ always removed from posted messages (they can be used to troll
+ for list membership).
+
+ - Workaround for MSIE4.01 (and possibly other versions) bug in the
+ handling of cookies.
+
+ - A small collection of other bug fixes.
+
+1.0rc3 (10-Jul-1999)
+
+ - new script bin/check_perms which checks (and optionally fixes)
+ the permissions and group ownerships of the files in your
+ Mailman installation.
+
+ - Removed a bottleneck in the archiving code that was causing
+ performance problems on highly loaded servers.
+
+ - The code that saves a list's state and configuration database
+ has been made more robust.
+
+ - Additional exception handlers have been added in several places
+ to alleviate problems with Mailman bombing out when it really
+ would be better to print/log a helpful message.
+
+ - The "password" mail command will now mail back the sender's
+ subscription password when given with no arguments.
+
+ - The embarrassing subject-prefixing bug present in rc2 has been
+ fixed.
+
+ - A small (but nice :) collection of other squashed bugs.
+
+1.0rc2 (14-Jun-1999)
+
+ - A security flaw in the CGI cookie mechanisms was discovered --
+ the Mailman-issued cookies were easily spoofable, implying that
+ e.g. admin access to all Mailman lists via the web interface
+ could be compromised. This flaw has now been fixed.
+
+ - Handling of SMTP errors has been improved.
+
+ - Both "Mass Subscription" via web admin interface and
+ bin/add_members have been greatly sped up.
+
+ - autoconf check for syslog has been revamped, and is now verified
+ to work on SCO OpenServer 5. If syslog can't be found, the C
+ wrappers will compile, but without any syslog calls.
+
+ - Various other bug fixes.
+
+1.0rc1 (04-May-1999)
+
+ - There is a new Mailman logo, contributed by The Dragon De
+ Monsyne. Please read the INSTALL file for information about
+ installing the logo in a place your Web server can find it.
+
+ - USE_ENVELOPE_SENDER is now set to 0 by default. Turning this on
+ caused problems for too many users; lists restricted to
+ member-only posts were not matching the addresses correctly.
+
+ - A revamped bin/withlist to be a little more useful.
+
+ - A revamped cron/mailpasswds which groups users by virtual hosts.
+
+ - The usual assortment of bug fixes.
+
+1.0b11 (03-Apr-1999)
+
+ - Bug fixes and improvements for case preservation of subscribed
+ addresses. The DATA_FILE_VERSION has been bumped to 14.
+
+ - New script bin/withlist, useful for interactive debugging.
+
+1.0b10 (26-Mar-1999)
+
+ - New script bin/sync_members which can be used to synchronize a
+ list's membership against a flat (e.g. sendmail :include: style)
+ file.
+
+ - bin/add_members and bin/remove_members now accept addresses on
+ the command line with `-' as the value for the -d and -n
+ options.
+
+ - Added variable USE_ENVELOPE_SENDER to Defaults.py for site-wide
+ configuration of address matching scheme. With this variable
+ set to true, the envelope sender (e.g. Unix "From_" header) is
+ used to match addresses, otherwise the From: header is used.
+ Envelope sender matching seems not to work on many systems.
+ This variable is currently defaulted to 1, but may change to 0
+ for the final release.
+
+ - Reorganization of the membership management admin page. Also
+ member addresses are linked to their options page. Only the
+ `General' category has the admin password change form.
+
+ - Major reorganization of email command handling and responses.
+ `notmetoo' is the preferred email command instead of `norcv',
+ although the latter is still accepted as an argument. If more
+ than 5 errors are found in the message, command processing is
+ halted.
+
+ - User options page now shows the user their case-preserved
+ subscribed address as well.
+
+ - The usual assortment of bug fixes.
+
+1.0b9 (01-Mar-1999)
+
+ - New bin scripts: clone_member, list_members, add_members (a
+ consolidation of convertlist and populate_new_list which have
+ been removed).
+
+ - Two new readmes have been added: README.LINUX and README.QMAIL
+
+ - New configure option --with-cgi-ext which can be used if your
+ Web server requires extensions on CGI scripts. The extension
+ must include a dot (e.g. --with-cgi-ext=".cgi").
+
+ - Many bug fixes, including the setgid problem that was causing
+ mail to be lost on some versions of Linux.
+
+1.0b8 (14-Jan-1999)
+
+ - Bug fixes and workarounds for certain Linuxes.
+
+ - Illegal addresses are no longer allowed to be subscribed, from
+ any interface.
+
+1.0b7 (31-Dec-1998)
+
+ - Many, many bug fixes. Some performance improvements for large
+ lists. Some improvements in the Web interfaces. Some security
+ improvements. Improved compatibility with Python 1.5.
+
+ - bin/convert_list and bin/populate_new_list have been replaced
+ by bin/add_members.
+
+ - Admins can now get notification on subscriptions and
+ unsubscriptions. Posts are now logged.
+
+ - The username portion of email addresses are now case-preserved
+ for delivery purposes. All other address comparisions are
+ case-insensitive.
+
+ - New default SMTP_MAX_RCPTS that limits the number of "RCPT TO"
+ SMTP commands that can be given for a single message. Most
+ MTAs have some hard limit.
+
+ - "Precedence: bulk" header and "List-id:" header are now added
+ to all outgoing messages. The latter is not added if the
+ message already has a "List-id:" header. See RFC 2046 and
+ draft-chandhok-listid-02 for details.
+
+ - The standard (as of Python 1.5.2) smtplib.py is now used.
+
+ - The install process now compiles all the .py files in the
+ installation.
+
+ - Versions of the Mailman papers given at IPC7 and LISA-98 are
+ now included.
+
+1.0b6 (07-Nov-1998)
+
+ - Archiving is (finally) back in.
+
+ - Administrivia filter added.
+
+ - Mail queue mechanism revamped with better concurrency control.
+
+ - For recipients that have estmp MTAs, set delivery notification
+ status so that only delivery failure notices are sent out,
+ inhibiting 4 hour and N day warning notices.
+
+ - Now expire old unconfirmed subscription requests, rather than
+ keeping them forever.
+
+ - Added proposed standard List-Id: header, and our own
+ X-MailmanVersion header.
+
+ - Prevent havoc from attempts to subscribe a list to itself. (!)
+
+ - Refine mail command processing to prevent loops.
+
+ - Pending subscription DB redone with better locking and cleaner
+ interface.
+
+ - posters functionality expanded.
+
+ - Subscription policy more flexible, sensible, and
+ site-configurable.
+
+ - Various and sundry bug fixes.
+
+1.0b5 (27-Jul-1998)
+
+ - New file locking that should be portable and work w/ NFS.
+
+ - Better use of packages.
+
+ - Better error logging and reporting.
+
+ - Less startup overhead.
+
+ - Various and sundry bug fixes.
+
+
+1.0b4 (03-Jun-1998)
+
+ - A configure script for easy installation (Barry Warsaw)
+
+ - The ability to install Mailman to locations other than
+ /home/mailman (Barry Warsaw)
+
+ - Use cookies on the admin pages (also hides admin pages from
+ others) (Scott Cotton)
+
+ - Subscription requests send a request for confirmation, which may
+ be done by simply replying to the message (Scott Cotton)
+
+ - Facilities for gating mail to a newsgroup, and for gating a
+ newsgroup to a mailing list (John Viega)
+
+ - Contact the SMTP port instead of calling sendmail (primarily for
+ portability) (John Viega)
+
+ - Changed all links on web pages to relative links where appropriate.
+ (John Viega)
+
+ - Use MD5 if crypt is not available (John Viega)
+
+ - Lots of fixing up of bounce handling (Ken Manheimer)
+
+ - General UI polishing (Ken Manheimer)
+
+ - mm_html: Make it prominent when the user's delivery is disabled
+ on his option page. (Ken Manheimer)
+
+ - mallist:DeleteMember() Delete the option setings if any. (Ken
+ Manheimer)
+
+1.0b3 (03-May-1998)
+
+ - mm_message:Deliverer.DeliverToList() added missing newline
+ between the headers and message body. Without it, any sequence
+ of initial body lines that _looked_ like headers ("Sir: Please
+ excuse my impertinence, but") got treated like headers.
+
+ - Fixed typo which broke subscription acknowledgement message
+ (thanks to janne sinkonen for pointing this out promptly after
+ release). (Anyone who applied my intermediate patch will
+ probably see this one trigger patch'es reversed-patch
+ detector...)
+
+ - Fixed cgi-wrapper.c so it doesn't segfault when invoked with
+ improper uid or gid, and generally wrappers are cleaned up a
+ bit.
+
+ - Prevented delivery-failure notices for misdirected subscribe-
+ confirmation requests from bouncing back to the -request addr,
+ and then being treated as failing requests.
+
+ Implemented two measures. Set the reply-to for the
+ confirmation- request to the -request addr, and the sender to be
+ the list admin. This way, bounces go to list admin instead of
+ to -request addr. (Using the errors-to header wasn't
+ sufficient. Thanks, barry, for pointing out the use of sender
+ here.) Second, ignore any mailcommands coming from postmaster
+ or non-login system type accounts (mailer-daemon, daemon,
+ postoffice, etc.)
+
+ - Reenabled admin setting of web_page_url - crucial for having
+ lists use alternate names of a host that occupies multiple
+ addresses.
+
+ - Fixed and refined admin-options help mechanism. Top-level visit
+ to general-category (where the "general" isn't in the URL) was
+ broken. New help presentation shows the same row that shows on
+ the actual options page.
+
+ - cron/crontab.in crontab template had wrong name for senddigests.
+
+ - Default digest format setting, as distributed, is now non-MIME,
+ on urging of reasoned voices asserting that there are still
+ enough bad MIME implementations in the world to be a nuisance to
+ too many users if MIME is the default. Sigh.
+
+ - MIME digests now preserve the structure of MIME postings,
+ keeping attachments as attachments, etc. They also are more
+ structured in general.
+
+ - Added README instructions explaining how to determine the right
+ UID and GID settings for the wrapper executables, and improved
+ some of the explanations about exploratory interaction
+ w/mailman.
+
+ - Removed the constraint that subscribers have their domain
+ included in a static list in the code. We might want to
+ eventually reincorporate the check for the sake of a warning
+ message, to give a heads up to the subscriber, but try delivery
+ anyway...
+
+ - Added missing titles to error docs.
+
+ - Improved several help details, including particularly explaining
+ better how real_name setting is used.
+
+ - Strengthened admonition against setting reply_goes_to_list.
+
+ - Added X-BeenThere header to postings for the sake of prevention
+ of external mail loops.
+
+ - Improved handling of bounced messages to better recognize
+ members address, and prevent duplicate attempts to react (which
+ could cause superfluous notices to administrator).
+
+ - Added __delitem__ method to mm_message.OutgoingMessage, to fix
+ the intermediate patch posted just before this one.
+
+ - Using keyword substitution format for more message text (ie,
+ "substituting %(such)s into text" % {'such': "something"}) to
+ make the substitutions less fragile and, presumably, easier to
+ debug.
+
+ - Removed hardwired (and failure-prone) /tmp file logging from
+ answer.majordomo_mail, and generally spiffed up following janne
+ sinkkonen's lead.
+
+1.0b2 (13-Apr-1998)
+1.0b1 (09-Apr-1998)
+
+ Web pages much more polished
+ - Better organized, text more finely crafted
+ - Easier, more refined layout
+ - List info and admin interface overviews, enumerate all public lists
+ (via, e.g., http://www.python.org/mailman/listinfo - sans the
+ specific list)
+ - Admin interface broken into sections, with help elaboration for
+ complicated configuration options
+
+ Mailing List Archives
+ - Integrated with a newer, *much* improved, external pipermail - to be
+ found at http://starship.skyport.net/crew/amk/maintained/pipermail.html
+ - Private archives protected with mailing list members passwords,
+ cookie-fied.
+
+ Spam prevention
+ - New spam prevention measures catch most if not all spam without
+ operator intervention or general constraints on who can post to
+ list:
+ require_explicit_destination option imposes hold of any postings
+ that do not have the list name in any of the to or cc header
+ destination addresses. This catches the vast majority of random
+ spam.
+ Other options (forbidden_posters, bounce_matching_headers) provide
+ for filtering of known transgressors.
+ - Option obscure_addresses (default on) causes mailing list subscriber
+ lists on the web to be slightly mangled so they're not directly
+ recognizable as email address by web spiders, which might be
+ seeking targets for spammers.
+
+ Site configuration arrangement organized - in mailman/mailman/modules:
+ - When installing, create a mailman/modules/mm_cfg.py (if there's not
+ one already there), using mm_cfg.py.dist as a template.
+ mm_default.py contains the distributed defaults, including
+ descriptions of the values. mm_cfg.py does a 'from mm_defaults.py
+ import *' to get the distributed defaults. Include settings in
+ mm_cfg.py for any values in mm_defaults.py that need to be
+ customized for your site, after the 'from .. import *'.
+ See mm_cfg.py.dist for more details.
+
+ Logging
+ - Major operations (subscription, admin approval, bounce,
+ digestification, cgi script failure tracebacks) logged in files
+ using a reliable mechanism
+ - Wrapper executables log authentication complaints via syslog
+
+ Wrappers
+ - All cgi-script wrapper executables combined in a single source,
+ easier to configure. (Mail and aliases wrappers separate.)
+
+ List structure version migration
+ - Provision for automatic update of list structures when moving to a
+ new version of the system. See modules/versions.py.
+
+ Code cleaning
+ - Many more module docstrings, __version__ settings, more function
+ docstrings.
+ - Most unqualified exception catches have been replaced with more
+ finely targeted catches, to avoid concealing bugs.
+ - Lotsa long lines wrapped (pet peeve:).
+
+ Random details (not complete, sorry):
+ - make archival frequency a list option
+ - Option for daily digest dispatch, in addition to size threshhold
+ - make sure users only get one periodic password notifcation message for
+ all the lists they're on (repaired 1.0b1.1 varying-case mistake)
+ - Fix rmlist sans-argument bug causing deletion of all lists!
+ - doubled generated random passwords to four letters
+ - Cleaned lots and lots of notices
+ - Lots and lots of html page cleanup, including table-of-contents, etc
+ - Admin options sections - don't do the "if so" if the ensuing list
+ is empty
+ - Prevent list subject-prefix cascade
+ - Sources under CVS
+ - Various spam filters - implicit-destination, header-field
+ - Adjusted permissions for group access
+ - Prevent redundant subscription from redundant vetted requests
+ - Instituted centralize, robustish logging
+ - Wrapper sources use syslog for logging (john viega)
+ - Sorting of users done on presentation, not in list.
+ - Edit options - give an error for non-existent users, not an options page.
+ - Bounce handling - offer 'disable' option, instead of remove, and
+ never remove without notifying admin
+ - Moved subscribers off of listinfo (and made private lists visible
+ modulo authentication)
+ - Parameterize default digest headers and footers and create some
+ - Put titles on cgi result pages that do not get titles (all?)
+ - Option for immediate admin notifcation via email of pending
+ requests, as well as periodic
+ - Admin options web-page help
+ - Enabled grouped and cascading lists despite implicit-name constraint
+ - Changed subscribers list so it has its own script (roster)
+ - Welcome pages: http://www.python.org/mailman/{admin,listinfo}/
+
+0.95 (25-Jan-1997)
+ - Fixed a bug in sending out digests added when adding disable mime option.
+ - Added an option to not notify about bounced posts.
+ - Added hook for pre-posting filters. These could be used to
+ auto-strip signatures. I'm using the feature to auto-strip footers
+ that are auto-generated by mail received from another mailing list.
+
+0.94 (22-Jan-1997)
+ - Made admin password work ubiquitously in place of a user password.
+ - Added an interface for getting / setting user options.
+ - Added user option to disable mime digests (digested people only)
+ - Added user option to not receive your own posts (nondigested people only)
+ - Added user option to ack posts
+ - Added user option to disable list delivery to their box.
+ - Added web interface to user options
+ - Config number of sendmail spawns on a per-list basis
+ - Fixed extra space at beginning of each message in digests...
+ - Handled comma separated emails in bounce messages...
+ - Added a FindUser() function to MailList. Used it where appropriate.
+ - Added mail interface to setting list options.
+ - Added name links to the templates options page
+ - Added an option so people can hide their names from the subscription list.
+ - Added an answer_majordomo_mail script for people switching...
+
+0.93 (18/20-Jan-1997)
+ - When delivering to list, don't call sendmail directly. Write to a file,
+ and then run the new deliver script, which forks and exits in the parent
+ immediately to avoid hanging when delivering mail for large lists, so that
+ large lists don't spend a lot of time locked.
+ - GetSender() no longer assumes that you don't have an owner-xxx address.
+ - Fixed unsubscribing via mail.
+ - Made subscribe via mail generate a password if you don't supply one.
+ - Added an option to clobber the date in the archives to the date the list
+ resent the post, so that the archive doesn't get mail from people sending
+ bad dates clumped up at the beginning or end.
+ - Added automatic error message processing as an option. Currently
+ logging to /tmp/bounce.log
+ - Changed archive to take a list as an argument, (the old way was broken)
+ - Remove (ignore) spaces in email addresses
+ - Allow user passwords to be case insensitive.
+ - Removed the cleanup script since it was now redundant.
+ - Fixed archives if there were no archives.
+ - Added a Lock() call to Load() and Create(). This fixes the
+ problem of loading then locking.
+ - Removed all occurances of Lock() except for the ones in mailing
+ list since creating a list
+ now implicitly locks it.
+ - Quote single periods in message text.
+ - Made bounce system handle digest users fairly.
+
+0.92 (13/16-Jan-1997)
+ - Added Lock and Unlock methods to list to ensure each operation is atomic
+ - Added a cmd that rms all files of a mailing list (but not the aliases)
+ - Fixed subscribing an unknown user@localhost (confirm this)
+ - Changed the sender to list-admin@... to ensure we avoid mail loops.
+ - check to make sure there are msgs to archive before calling pipermail.
+ - started using this w/ real mailing lists.
+ - Added a cron script that scours the maillog for User/Host unknown errs
+ - Sort membership lists
+ - Always display digest_is_default option
+ - Don't slam the TO list unless you're sending a digest.
+ - When making digest summaries, if missing sender name, use their email.
+ - Hacked in some protection against crappy dates in pipermail.py
+ - Made it so archive/digest volumes can go up monthly for large large lists.
+ - Number digest messages
+ - Add headers/footers to each message in digest for braindead mailers
+ - I removed some forgotten debug statements that caused server errors
+ when a CGI script sent mail.
+ - Removed loose_matches flag, since everything used it.
+ - Fixed a problem in pipermail if there was no From line.
+ - In upvolume_ scripts, remove INDEX files as we leave a volume.
+ - Threw a couple of scripts in bin for generating archives from majordomo's
+ digest-archives. I wouldn't recommend them for the layman, though, they
+ were meant to do a job quickly, not to be usable.
+
+0.91 (23-Dec-1996)
+ - broke code into mixins for managability
+ - tag parsing instead of lots of gsubs
+ - tweaked pipermail (see comments on pipermail header)
+ - templates are now on a per-list basis as intended.
+ - request over web that your password be emailed to you.
+ - option so that web subscriptions require email confirmation.
+ - wrote a first pass at an admin interface to configurable variables.
+ - made digests mime-compliant.
+ - added a FakeFile class that simulates enough of a file object on a
+ string of text to fool rfc822.Message in non-seek mode.
+ - changed OutgoingMessage not to require its args in constructor.
+ - added an admin request DB interface.
+ - clearly separated the internal name from the real name.
+ - replaced lots of ugly, redundant code w/ nice code.
+ (added Get...Email() interfaces, GetScriptURL, etc...)
+ - Wrote a lot of pretty html formatting functions / classes.
+ - Fleshed out the newlist command a lot. It now mails the new list
+ admin, and auto-updates the aliases file.
+ - Made multiple owners acceptable.
+ - Non-advertised lists, closed lists, max header length, max msg length
+ - Allowed editing templates from list admin pages.
+ - You can get to your info page from the web even if the list is closed.
+
+
+Local Variables:
+mode: indented-text
+indent-tabs-mode: nil
+End:
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-09 08:09:33 +0000