
For the past six months, all our mailing list sites have supported HTTPS without incident. The main downside to the current implementation is that Mailman itself writes some URLs with an explicit scheme, causing people submitting forms from pages served over HTTPS to get warnings because the forms are posting to plain HTTP URLs for the same site. In order to correct this, we need to tell Mailman to put https:// instead of http:// into these, but doing so essentially eliminates any reason for us to continue serving content over plain HTTP anyway. Configure the default URL scheme of all our Mailman sites to use HTTPS now, and set up permanent redirects from HTTP to HTTPS, per the examples in the project's documentation: https://wiki.list.org/DOC/4.27%20Securing%20Mailman%27s%20web%20GUI%20by%20using%20Secure%20HTTP-SSL%20%28HTTPS%29 Also update our testinfra functions to validate the blanket redirects and perform all other testing over HTTPS. Once this merges, the fix_url script will need to be run manually against all lists for the current sites, as noted in that document. Change-Id: I366bc915685fb47ef723f29d16211a2550e02e34
154 lines
5.8 KiB
Django/Jinja
154 lines
5.8 KiB
Django/Jinja
# -*- python -*-
|
|
|
|
# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
# 02110-1301 USA
|
|
|
|
|
|
"""This is the module which takes your site-specific settings.
|
|
|
|
From a raw distribution it should be copied to mm_cfg.py. If you
|
|
already have an mm_cfg.py, be careful to add in only the new settings
|
|
you want. The complete set of distributed defaults, with annotation,
|
|
are in ./Defaults. In mm_cfg, override only those you want to
|
|
change, after the
|
|
|
|
from Defaults import *
|
|
|
|
line (see below).
|
|
|
|
Note that these are just default settings - many can be overridden via the
|
|
admin and user interfaces on a per-list or per-user basis.
|
|
|
|
Note also that some of the settings are resolved against the active list
|
|
setting by using the value as a format string against the
|
|
list-instance-object's dictionary - see the distributed value of
|
|
DEFAULT_MSG_FOOTER for an example."""
|
|
|
|
|
|
#######################################################
|
|
# Here's where we get the distributed defaults. #
|
|
|
|
from Mailman.Defaults import *
|
|
|
|
##############################################################
|
|
# Put YOUR site-specific configuration below, in mm_cfg.py . #
|
|
# See Defaults.py for explanations of the values. #
|
|
|
|
#-------------------------------------------------------------
|
|
# The name of the list Mailman uses to send password reminders
|
|
# and similar. Don't change if you want mailman-owner to be
|
|
# a valid local part.
|
|
MAILMAN_SITE_LIST = 'mailman'
|
|
|
|
#-------------------------------------------------------------
|
|
# If you change these, you have to configure your http server
|
|
# accordingly (Alias and ScriptAlias directives in most httpds)
|
|
DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'
|
|
PRIVATE_ARCHIVE_URL = '/cgi-bin/mailman/private'
|
|
IMAGE_LOGOS = '/images/mailman/'
|
|
|
|
#-------------------------------------------------------------
|
|
# Default domain for email addresses of newly created MLs
|
|
DEFAULT_EMAIL_HOST = '{{ mailman_site.listdomain }}'
|
|
#-------------------------------------------------------------
|
|
# Default host for web interface of newly created MLs
|
|
DEFAULT_URL_HOST = '{{ mailman_site.listdomain }}'
|
|
#-------------------------------------------------------------
|
|
# Required when setting any of its arguments.
|
|
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
|
|
|
|
#-------------------------------------------------------------
|
|
# The default language for this server.
|
|
DEFAULT_SERVER_LANGUAGE = 'en'
|
|
|
|
#-------------------------------------------------------------
|
|
# Iirc this was used in pre 2.1, leave it for now
|
|
USE_ENVELOPE_SENDER = 0 # Still used?
|
|
|
|
#-------------------------------------------------------------
|
|
# Unset send_reminders on newly created lists
|
|
DEFAULT_SEND_REMINDERS = 0
|
|
|
|
#-------------------------------------------------------------
|
|
# Uncomment this if you configured your MTA such that it
|
|
# automatically recognizes newly created lists.
|
|
# (see /usr/share/doc/mailman/README.Exim4.Debian or
|
|
# /usr/share/mailman/postfix-to-mailman.py)
|
|
MTA=None # Misnomer, suppresses alias output on newlist
|
|
|
|
#-------------------------------------------------------------
|
|
# Uncomment if you use Postfix virtual domains (but not
|
|
# postfix-to-mailman.py), but be sure to see
|
|
# /usr/share/doc/mailman/README.Debian first.
|
|
# MTA='Postfix'
|
|
|
|
#-------------------------------------------------------------
|
|
# Uncomment if you want to filter mail with SpamAssassin. For
|
|
# more information please visit this website:
|
|
# http://www.jamesh.id.au/articles/mailman-spamassassin/
|
|
# GLOBAL_PIPELINE.insert(1, 'SpamAssassin')
|
|
|
|
# Note - if you're looking for something that is imported from mm_cfg, but you
|
|
# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py.
|
|
|
|
# Enable VERP, but let Exim create the VERP addresses since it's
|
|
# more efficient. --jeblair
|
|
|
|
VERP_PASSWORD_REMINDERS = 1
|
|
VERP_PERSONALIZED_DELIVERIES = 1
|
|
VERP_CONFIRMATIONS = 1
|
|
VERP_DELIVERY_INTERVAL = 0
|
|
|
|
# Make membership viewable by admin only by default (lp bug 1021493)
|
|
# Private_roster == 0: anyone can see, 1: members only, 2: admin only.
|
|
DEFAULT_PRIVATE_ROSTER = 2
|
|
|
|
# All `normal' messages which are delivered to the entire list membership go
|
|
# through this pipeline of handler modules. Lists themselves can override the
|
|
# global pipeline by defining a `pipeline' attribute.
|
|
|
|
# AvoidDuplicates is removed because it modifies the CC header, which
|
|
# can break DKIM signatures. --jeblair
|
|
GLOBAL_PIPELINE = [
|
|
# These are the modules that do tasks common to all delivery paths.
|
|
'SpamDetect',
|
|
'Approve',
|
|
'Replybot',
|
|
'Moderate',
|
|
'Hold',
|
|
'MimeDel',
|
|
'Scrubber',
|
|
'Emergency',
|
|
'Tagger',
|
|
'CalcRecips',
|
|
'Cleanse',
|
|
'CleanseDKIM',
|
|
'CookHeaders',
|
|
# And now we send the message to the digest mbox file, and to the arch and
|
|
# news queues. Runners will provide further processing of the message,
|
|
# specific to those delivery paths.
|
|
'ToDigest',
|
|
'ToArchive',
|
|
'ToUsenet',
|
|
# Now we'll do a few extra things specific to the member delivery
|
|
# (outgoing) path, finally leaving the message in the outgoing queue.
|
|
'AfterDelivery',
|
|
'Acknowledge',
|
|
'WrapMessage',
|
|
'ToOutgoing',
|
|
]
|