Posts in GroupServer Development
- Later 20 posts
- Earlier 20 posts
We have a list of design tweaks we want to make to our GroupServer site - http://forums.e-democracy.org - in the next week before a big announcement in mid-Feb. I am guessing about a day's work max. Drop me your info, hourly non-profit rates, etc. if interested in helping: <email obscured> Http://e-democracy.org/contact I'll reply with the list of items.
-- Steven Clift - http://stevenclift.com Executive Director - http://E-Democracy.org Twitter: http://twitter.com/democracy Tel/Text: +1.612.234.7072
Thanks to both Max and Dan.
As Dan said, anyone who is logged-in can change the GroupServer page
on this site¹. Looking at the History tab² I see that the person who
changed the page was "moran432". This person also happens to be a
member of this group.
I checked the log that GroupServer keeps of user-activity³. I see
that "moran432" joined this group five minutes before defacing the
GroupServer page. It appears to me that "moran432" joined this group
with the sole purpose of defacing the GroupServer page.
Based on this I have decided to take action to prevent further abuse by
"moran423". First, I have blocked the email address of "moran423"⁴.
Second, I am about to remove him or her from this group. If "moran423"
contacts me and provides an adequate reason for the defacement I will
unblock his or her address, and allow him or her to rejoin the group.
The way that I tend to secure sites is to have
* *Slightly* more lose security than necessary,
* Very good logging, and
* A way of rolling back changes.
That way even if I do mess up⁵ — and the security is too lax — then I
have a good record of what happened, and I can fix things afterwards.
Kind regards, and thanks again,
Michael
*Footnotes*
1. The GroupServer page on this site
<http://groupserver.org/groupserver>
2. The Histroy tab is also visible to any logged-in member.
3. User-activity is stored in the "audit_event" table, for what it
is worth.
4. To block an email address you add it to the "email_blacklist"
table.
5. As I am human, and security is complex, I *am* likely to mess up.
Thanks for letting us know about that, Max. I have reverted the page. Yes, that page and various others are publicly modifiable, so that the GroupServer development community can participate in maintaining the documentation. This is a good example of the use case for <https://projects.iopen.net/groupserver/ticket/386> but in this case, your participation did the job. Thank you again :).
Dan -- @danrandow +64-27-431-4928 +64-3-377-5377 Chief Wrangler http://onlinegroups.net
You may interested to learn that the main documentation page at http://groupserver.org/groupserver has apparently been defaced. Was that page publicly modifiable?
Hi All, I am looking at tidying up the notifications that GroupServer sends out. As part of this I have updated our list of notifications sent out by GroupServer. The new list is below, in reStructuredText (notifications.txt) and HTML (notifications.html). The original list was written by Alice. In the updated list I have added the "Request Membership" notification, and updated the notifications that I have moved to the file-system. As Dan said to me, there are lots of notifications, reflecting the complexity of GroupServer. I hope to improve them as I slowly work through the system changing and improving things.
Hi Kevin: I'd say a minimum of 10GB of diskspace and 1GB of RAM above whatever else you require for your other sites. It can be a little memory hungry (lots of caching mostly) and the diskspace really depends on just how much data you'll be storing from your emails (and whether your users have large attachments). Best regards, Richard.
Hi gleasonlia, Yes, the occasional duplicate messages issue has been fixed <http://groupserver.org/r/post/168ICYUPNZnSMMXrRD5tAw> Kind regards, Michael
+1 on refactoring the authentication system. I am particularly interested in the possibility of provisioning users via LDAP, and single sign-on via Kerberos.
This looks like a fantastic product. Thanks for the effort, and for making it open-source. I am looking to move 600-odd users from mailman. Average around 20 mails per day. As a non-profit (The Mankind Project of South Africa) the price you are asking on onlinegroups.net is too high. I really don;t like the idea of using Google Groups though. Since we already have a hosted web-site (PHP/Mysql) - also relatively low traffic; the question is whether we could reasonably combine this product and the websites on a virtual Linux server. And if we could - what is the smallest host size we can get away with. Any pointers on sizing would be fantastic.
Thanks
IS this fixed already?
I have added the packages that are required for XML support and XSLT support to the list of requirements for CentOS and RHEL <http://groupserver.org/downloads/install/#requirements>.
Just to update the record, this is fixed now -- there was a duplicate cron entry causing the spool to get processed twice in a bit of a race condition. --Richard
I was reviewing the install a bit this morning and realized I had forgotten the following packages from the list I posted yesterday:
libxml2 libxml2-devel libxslt libxslt-devel
Hi, Patrick, I greatly appreciate the list of CentOS packages. I have updated the installation documentation to include your list, and a note about Virtualenv <http://groupserver.org/downloads/install>.
Well why don't we start with the required packages for CentOS / RHEL 6.1? I'll setup another VM in a few days and go through the process again, documenting it better that time and share here. But for now, the requirements install in CentOS 6.1 yum packages are: python-devel python-setuptools make gcc-c++ postgresql postgresql-server postgresql-libs postgresql-devel postfix libzip libzip-devel zlib zlib-devel You'll notice that python-virtualenv isn't listed as it is for Ubuntu. That's because the virtualenv package is only available as a YUM install from 3rd-party repositories and I don't like going any further than the CentOS Plus repo for production servers. So in order to get virtualenv, you'll then need to execute: # easy_install virtualenv I'll post more CentOS-related directions once I've gone through the install process successfully again. Note that this is for CentOS 6.1, which was just released on Dec 9th, as it was a brand new box so ... why not, right? I haven't tested CentOS 6.0, but I do know there were some issues related to the easy_install installer and the specific version of Python that shipped with CentOS 6.0, so I wouldn't guarantee success on anything under 6.1 (in the 6.x family).
I agree that it would be great to have instructions that contain specifics about what is required for each distribution, such as CentOS, Debian, RHEL, and SUSE. I hope to accumulate more specific instructions over time, as different people try out GroupServer.
Thanks Michael. It certainly was an interesting experience getting it setup on CentOS 6.1. Any plans to expand the installation guide to include more distribution-specific instructions?
I am glad to read you managed to get email to and from GroupServer, Patrick.
SOLVED - it was the XVERP issue discussed before, since I wasn't running postfix on localhost, I needed to add the interface IP to the verp list in main.cf.
When my cron script hits the processSpool URL, I can see it trying to work as I see the following in my /var/log/maillog: ec 14 17:21:28 slingshot postfix/smtpd[2874]: connect from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2879]: connect from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2874]: lost connection after RSET from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2874]: disconnect from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2874]: connect from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2874]: lost connection after RSET from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2874]: disconnect from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2879]: lost connection after RSET from groups.olap4php.org[10.1.1.68] Dec 14 17:21:28 slingshot postfix/smtpd[2879]: disconnect from groups.olap4php.org[10.1.1.68] However, no e-mails are processed or sent out. GroupServer is receiving the e-mails as the topics are being created on the Web UI. I also know GroupServer can send e-mail as it sends the welcome e-mails without issue. Any ideas what could be causing this? I see nothing of relevance in the instance.log or instance-Z2.log. Anywhere else I could look?
- Later 20 posts
- Earlier 20 posts
Privacy | Acceptable Use | Terms of Service | About OnlineGroups.Net | Contact OnlineGroups.Net
Start an OnlineGroups.Net site for easier email collaboration in your organization.
Powered by GroupServer, the open source web-based mailing list manager.