path: root/NEWS

Mailman - The GNU Mailing List Management System
Copyright (C) 1998 by the Free Software Foundation, Inc.
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

1.0rc3

- Removed a bottleneck in the archiving code that was causing
  performance problems on highly loaded servers.

- The code that saves a list's state and configuration database has
  been made more robust.

- Additional exception handlers have been added in several places to
  alleviate problems with Mailman bombing out when it really would be
  better to print/log a helpful message.

- The "password" mail command will now mail back the sender's
  subscription password when given with no arguments.

- The embarrassing subject-prefixing bug present in rc2 has been
  fixed.

- A small (but nice :) collection of other squashed bugs.

1.0rc2

- A security flaw in the CGI cookie mechanisms was discovered -- the
  Mailman-issued cookies were easily spoofable, implying that
  e.g. admin access to all Mailman lists via the web interface could
  be compromised.  This flaw has now been fixed.

- Handling of SMTP errors has been improved.

- Both "Mass Subscription" via web admin interface and bin/add_members
  have been greatly sped up.

- autoconf check for syslog has been revamped, and is now verified to
  work on SCO OpenServer 5.  If syslog can't be found, the C wrappers
  will compile, but without any syslog calls.

- Various other bug fixes.

1.0rc1

- There is a new Mailman logo, contributed by The Dragon De Monsyne.
  Please read the INSTALL file for information about installing the
  logo in a place your Web server can find it.

- USE_ENVELOPE_SENDER is now set to 0 by default.  Turning this on
  caused problems for too many users; lists restricted to member-only
  posts were not matching the addresses correctly.

- A revamped bin/withlist to be a little more useful.

- A revamped cron/mailpasswds which groups users by virtual hosts.

- The usual assortment of bug fixes.

1.0b11

- Bug fixes and improvements for case preservation of subscribed
  addresses.  The DATA_FILE_VERSION has been bumped to 14.

- New script bin/withlist, useful for interactive debugging.

1.0b10

- New script bin/sync_members which can be used to synchronize a
  list's membership against a flat (e.g. sendmail :include: style)
  file.

- bin/add_members and bin/remove_members now accept addresses on the
  command line with `-' as the value for the -d and -n options.

- Added variable USE_ENVELOPE_SENDER to Defaults.py for site-wide
  configuration of address matching scheme.  With this variable set to 
  true, the envelope sender (e.g. Unix "From_" header) is used to
  match addresses, otherwise the From: header is used.  Envelope
  sender matching seems not to work on many systems.  This variable is 
  currently defaulted to 1, but may change to 0 for the final release.

- Reorganization of the membership management admin page.  Also member
  addresses are linked to their options page.  Only the `General'
  category has the admin password change form.

- Major reorganization of email command handling and responses.
  `notmetoo' is the preferred email command instead of `norcv',
  although the latter is still accepted as an argument.  If more than
  5 errors are found in the message, command processing is halted.

- User options page now shows the user their case-preserved subscribed 
  address as well.

- The usual assortment of bug fixes.

1.0b9

- New bin scripts: clone_member, list_members, add_members (a
  consolidation of convertlist and populate_new_list which have been
  removed).

- Two new readmes have been added: README.LINUX and README.QMAIL

- New configure option --with-cgi-ext which can be used if your Web
  server requires extensions on CGI scripts.  The extension must
  include a dot (e.g. --with-cgi-ext=".cgi").

- Many bug fixes, including the setgid problem that was causing mail
  to be lost on some versions of Linux.

1.0b8

 - Bug fixes and workarounds for certain Linuxes.

 - Illegal addresses are no longer allowed to be subscribed, from any
   interface.

1.0b7

 - Many, many bug fixes.  Some performance improvements for large
   lists.  Some improvements in the Web interfaces.  Some security
   improvements.  Improved compatibility with Python 1.5.

 - bin/convert_list and bin/populate_new_list have been replaced by
   bin/add_members.

 - Admins can now get notification on subscriptions and
   unsubscriptions.  Post are now logged.

 - The username portion of email addresses are now case-preserved for
   delivery purposes.  All other address comparisions are
   case-insensitive.

 - New default SMTP_MAX_RCPTS that limits the number of "RCPT TO" SMTP 
   commands that can be given for a single message.  Most MTAs have
   some hard limit.

 - "Precedence: bulk" header and "List-id:" header are now added to
   all outgoing messages.  The latter is not added if the message
   already has a "List-id:" header.  See RFC 2046 and
   draft-chandhok-listid-02 for details.

 - The standard (as of Python 1.5.2) smtplib.py is now used.

 - The install process now compiles all the .py files in the installation.

 - Versions of the Mailman papers given at IPC7 and LISA-98 are now
   included.


1.0b6

 - Archiving is (finally) back in.

 - Administrivia filter added.

 - Mail queue mechanism revamped with better concurrency control.

 - For recipients that have estmp MTAs, set delivery notification
   status so that only delivery failure notices are sent out,
   inhibiting 4 hour and N day warning notices.

 - Now expire old unconfirmed subscription requests, rather than keeping
   them forever.

 - Added proposed standard List-Id: header, and our own X-MailmanVersion
   header.                                 

 - Prevent havoc from attempts to subscribe a list to itself.  (!)

 - Refine mail command processing to prevent loops.

 - Pending subscription DB redone with better locking and cleaner 
   interface. 

 - posters functionality expanded.

 - Subcsription policy more flexible, sensible, and site-configurable.

 - Various and sundry bug fixes.


1.0b5

 - New file locking that should be portable and work w/ NFS.

 - Better use of packages.

 - Better error logging and reporting.

 - Less startup overhead.

 - Various and sundry bug fixes.



1.0b4
 
 - A configure script for easy installation (Barry Warsaw)

 - The ability to install Mailman to locations other than /home/mailman 
   (Barry Warsaw)

 - Use cookies on the admin pages (also hides admin pages from others)
   (Scott Cotton)

 - Subscription requests send a request for confirmation, which may be
   done by simply replying to the message (Scott Cotton)

 - Facilities for gating mail to a newsgroup, and for gating a newsgroup
   to a mailing list (John Viega)

 - Contact the SMTP port instead of calling sendmail (primarily for 
   portability) (John Viega)

 - Changed all links on web pages to relative links where appropriate.
   (John Viega)

 - Use MD5 if crypt is not available (John Viega)

 - Lots of fixing up of bounce handling (Ken Manheimer)

 - General UI polishing (Ken Manheimer)

 - mm_html: Make it prominent when the user's delivery is disabled
   on his option page. (Ken Manheimer)

 - mallist:DeleteMember() Delete the option setings if any. (Ken Manheimer) 

DONE for mailman 1.0b3 

1.0b3 (05/03/1998) All changes by klm@python.org (ken manheimer)

 Items marked by an '*' asterisk have greater operational impact.

 * mm_message:Deliverer.DeliverToList() added missing newline between
   the headers and message body.  Without it, any sequence of initial
   body lines that _looked_ like headers ("Sir: Please excuse my
   impertinence, but") got treated like headers.

 * Fixed typo which broke subscription acknowledgement message (thanks 
   to janne sinkonen for pointing this out promptly after release).
   (Anyone who applied my intermediate patch will probably see this
   one trigger patch'es reversed-patch detector...)

 * Fixed cgi-wrapper.c so it doesn't segfault when invoked with
   improper uid or gid, and generally wrappers are cleaned up a bit.

 * Prevented delivery-failure notices for misdirected subscribe-
   confirmation requests from bouncing back to the -request addr, and
   then being treated as failing requests.

   Implemented two measures.  Set the reply-to for the confirmation-
   request to the -request addr, and the sender to be the list admin.
   This way, bounces go to list admin instead of to -request addr.
   (Using the errors-to header wasn't sufficient.  Thanks, barry, for
   pointing out the use of sender here.)  Second, ignore any
   mailcommands coming from postmaster or non-login system type
   accounts (mailer-daemon, daemon, postoffice, etc.)

 * Reenabled admin setting of web_page_url - crucial for having
   lists use alternate names of a host that occupies multiple addresses.

 * Fixed and refined admin-options help mechanism.  Top-level visit to
   general-category (where the "general" isn't in the URL) was broken.
   New help presentation shows the same row that shows on the actual
   options page.

 * cron/crontab.in crontab template had wrong name for senddigests.

 * Default digest format setting, as distributed, is now non-MIME, on
   urging of reasoned voices asserting that there are still enough bad
   MIME implementations in the world to be a nuisance to too many
   users if MIME is the default.  Sigh.

 * MIME digests now preserve the structure of MIME postings, keeping
   attachments as attachments, etc.  They also are more structured in
   general.

 * Added README instructions explaining how to determine the right 
   UID and GID settings for the wrapper executables, and improved
   some of the explanations about exploratory interaction w/mailman.

 * Removed the constraint that subscribers have their domain included
   in a static list in the code.  We might want to eventually
   reincorporate the check for the sake of a warning message, to give
   a heads up to the subscriber, but try delivery anyway...

 - Added missing titles to error docs.

 - Improved several help details, including particularly explaining
   better how real_name setting is used.

 - Strengthened admonition against setting reply_goes_to_list.

 - Added X-BeenThere header to postings for the sake of prevention
   of external mail loops.

 - Improved handling of bounced messages to better recognize members
   address, and prevent duplicate attempts to react (which could cause 
   superfluous notices to administrator).

 - Added __delitem__ method to mm_message.OutgoingMessage, to fix the
   intermediate patch posted just before this one.

 - Using keyword substitution format for more message text (ie,
   "substituting %(such)s into text" % {'such': "something"}) to make
   the substitutions less fragile and, presumably, easier to debug.

 - Removed hardwired (and failure-prone) /tmp file logging from
   answer.majordomo_mail, and generally spiffed up following janne
   sinkkonen's lead.
   
   

1.0b2 (04/13/1998) and 1.0b1.1 (04/09/1998): klm (ken manheimer)

  Web pages much more polished 
   - Better organized, text more finely crafted
   - Easier, more refined layout
   - List info and admin interface overviews, enumerate all public lists
     (via, e.g., http://www.python.org/mailman/listinfo - sans the
     specific list)
   - Admin interface broken into sections, with help elaboration for
     complicated configuration options
  Mailing List Archives
   - Integrated with a newer, *much* improved, external pipermail - to be
     found at http://starship.skyport.net/crew/amk/maintained/pipermail.html
   - Private archives protected with mailing list members passwords,
     cookie-fied.
  Spam prevention
   - New spam prevention measures catch most if not all spam without
     operator intervention or general constraints on who can post to
     list:
       require_explicit_destination option imposes hold of any postings
       that do not have the list name in any of the to or cc header
       destination addresses.  This catches the vast majority of random
       spam.
     Other options (forbidden_posters, bounce_matching_headers) provide
     for filtering of known transgressors.
   - Option obscure_addresses (default on) causes mailing list subscriber
     lists on the web to be slightly mangled so they're not directly
     recognizable as email address by web spiders, which might be
     seeking targets for spammers.
  Site configuration arrangement organized - in mailman/mailman/modules:
   - When installing, create a mailman/modules/mm_cfg.py (if there's not 
     one already there), using mm_cfg.py.dist as a template.
     mm_default.py contains the distributed defaults, including
     descriptions of the values.  mm_cfg.py does a 'from mm_defaults.py
     import *' to get the distributed defaults.  Include settings in
     mm_cfg.py for any values in mm_defaults.py that need to be
     customized for your site, after the 'from .. import *'.
   See mm_cfg.py.dist for more details.
  Logging
   - Major operations (subscription, admin approval, bounce,
     digestification, cgi script failure tracebacks) logged in files
     using a reliable mechanism
   - Wrapper executables log authentication complaints via syslog
  Wrappers
   - All cgi-script wrapper executables combined in a single source,
     easier to configure.  (Mail and aliases wrappers separate.)
  List structure version migration
   - Provision for automatic update of list structures when moving to a
     new version of the system.  See modules/versions.py.
  Code cleaning
   - Many more module docstrings, __version__ settings, more function
     docstrings.
   - Most unqualified exception catches have been replaced with more
     finely targeted catches, to avoid concealing bugs.
   - Lotsa long lines wrapped (pet peeve:).
  Random details (not complete, sorry):
   - make archival frequency a list option
   - Option for daily digest dispatch, in addition to size threshhold
   - make sure users only get one periodic password notifcation message for
     all the lists they're on (repaired 1.0b1.1 varying-case mistake)
   - Fix rmlist sans-argument bug causing deletion of all lists!
   - doubled generated random passwords to four letters
   - Cleaned lots and lots of notices
   - Lots and lots of html page cleanup, including table-of-contents, etc
   - Admin options sections - don't do the "if so" if the ensuing list is empty 
   - Prevent list subject-prefix cascade
   - Sources under CVS
   - Various spam filters - implicit-destination, header-field
   - Adjusted permissions for group access
   - Prevent redundant subscription from redundant vetted requests
   - Instituted centralize, robustish logging
   - Wrapper sources use syslog for logging (john viega)
   - Sorting of users done on presentation, not in list.
   - Edit options - give an error for non-existent users, not an options page.
   - Bounce handling - offer 'disable' option, instead of remove, and
     never remove without notifying admin
   - Moved subscribers off of listinfo (and made private lists visible
     modulo authentication) 
   - Parameterize default digest headers and footers and create some
   - Put titles on cgi result pages that do not get titles (all?)
   - Option for immediate admin notifcation via email of pending
     requests, as well as periodic 
   - Admin options web-page help
   - Enabled grouped and cascading lists despite implicit-name constraint
   - Changed subscribers list so it has its own script (roster)
   - Welcome pages: http://www.python.org/mailman/{admin,listinfo}/

0.95: (Jan 25, 1997)
  - Fixed a bug in sending out digests added when adding disable mime option.
  - Added an option to not notify about bounced posts.
  - Added hook for pre-posting filters.  These could be used to
    auto-strip signatures.  I'm using the feature to auto-strip footers
    that are auto-generated by mail received from another mailing list.

0.94: (Jan 22, 1997)
  - Made admin password work ubiquitously in place of a user password.
  - Added an interface for getting / setting user options.
  - Added user option to disable mime digests (digested people only)
  - Added user option to not receive your own posts (nondigested people only)
  - Added user option to ack posts
  - Added user option to disable list delivery to their box.
  - Added web interface to user options
  - Config number of sendmail spawns on a per-list basis
  - Fixed extra space at beginning of each message in digests...
  - Handled comma separated emails in bounce messages...
  - Added a FindUser() function to MailList.  Used it where appropriate.
  - Added mail interface to setting list options.
  - Added name links to the templates options page
  - Added an option so people can hide their names from the subscription list.
  - Added an answer_majordomo_mail script for people switching...

0.93: (Jan 18,20 1997)
  -  When delivering to list, don't call sendmail directly.  Write to a file,
     and then run the new deliver script, which forks and exits in the parent
     immediately to avoid hanging when delivering mail for large lists, so that
     large lists don't spend a lot of time locked.
  -  GetSender() no longer assumes that you don't have an owner-xxx address.
  -  Fixed unsubscribing via mail.
  -  Made subscribe via mail generate a password if you don't supply one.  
  -  Added an option to clobber the date in the archives to the date the list
     resent the post, so that the archive doesn't get mail from people sending
      bad dates clumped up at the beginning or end.
  -  Added automatic error message processing as an option.  Currently
     logging to /tmp/bounce.log 
  -  Changed archive to take a list as an argument, (the old way was broken)
  -  Remove (ignore) spaces in email addresses
  -  Allow user passwords to be case insensitive.
  -  Removed the cleanup script since it was now redundant.
  -  Fixed archives if there were no archives.
  -  Added a Lock() call to Load() and Create().  This fixes the
     problem of loading then locking. 
  -  Removed all occurances of Lock() except for the ones in mailing
     list since creating a list 
     now implicitly locks it. 
  -  Quote single periods in message text.
  - Made bounce system handle digest users fairly.

0.92: (Jan 13-16 1997)
  -  Added Lock and Unlock methods to list to ensure each operation is atomic
  -  Added a cmd that rms all files of a mailing list (but not the aliases)
  -  Fixed subscribing an unknown user@localhost (confirm this)
  -  Changed the sender to list-admin@... to ensure we avoid mail loops.
  -  check to make sure there are msgs to archive before calling pipermail.
  -  started using this w/ real mailing lists.
  -  Added a cron script that scours the maillog for User/Host unknown errs
  -  Sort membership lists
  -  Always display digest_is_default option
  -  Don't slam the TO list unless you're sending a digest.
  -  When making digest summaries, if missing sender name, use their email.
  -  Hacked in some protection against crappy dates in pipermail.py
  -  Made it so archive/digest volumes can go up monthly for large large lists.
  -  Number digest messages
  -  Add headers/footers to each message in digest for braindead mailers
  -  I removed some forgotten debug statements that caused server errors
         when a CGI script sent mail.
  -  Removed loose_matches flag, since everything used it.
  -  Fixed a problem in pipermail if there was no From line.
  -  In upvolume_ scripts, remove INDEX files as we leave a volume.
  -  Threw a couple of scripts in bin for generating archives from majordomo's
     digest-archives.  I wouldn't recommend them for the layman, though, they
     were meant to do a job quickly, not to be usable.

0.91: (Dec 23 1996)
  -  broke code into mixins for managability
  -  tag parsing instead of lots of gsubs
  -  tweaked pipermail (see comments on pipermail header)
  -  templates are now on a per-list basis as intended.
  -  request over web that your password be emailed to you.
  -  option so that web subscriptions require email confirmation. 
  -  wrote a first pass at an admin interface to configurable variables.
  -  made digests mime-compliant.
  -  added a FakeFile class that simulates enough of a file object on a
	string of text to fool rfc822.Message in non-seek mode.
  -  changed OutgoingMessage not to require its args in constructor.
  -  added an admin request DB interface.
  -  clearly separated the internal name from the real name.
  -  replaced lots of ugly, redundant code w/ nice code.  
	(added Get...Email() interfaces, GetScriptURL, etc...)
  -  Wrote a lot of pretty html formatting functions / classes. 
(Dec 27 1997)
  -  Fleshed out the newlist command a lot.  It now mails the new list 
	admin, and auto-updates the aliases file.  
  -  Made multiple owners acceptable.
  -  Non-advertised lists, closed lists, max header length, max msg length
  -  Allowed editing templates from list admin pages.
  -  You can get to your info page from the web even if the list is closed.


Local Variables:
mode: indented-text
indent-tabs-mode: nil
End: