SELS

About NCSA Projects User Info News

University of Illinois
at Urbana-Champaign

sels

SourceForge.net Logo

Download SELS brochure

SELS Brochure

Server

Quick links: Install Usage

Install

  1. Download the tarball from the Download page to an appropriate location , usually, /usr/local . (Note: If you are reinstalling SELS List Server then make sure to keep a backup of selsX-X/LS/bin/SELSLSConfig.py)
  2. Untar using tar xfzo sels-X.X.tar.gz .
  3. cd selsX-X/
  4. Build the SELS code. configure requires two arguments: selspath and mailman-path. selspath is defined based on where ever you want to install SELS. The default location for SELS is /usr/local. Therefore selspath = /usr/local/selsX.X/LS.
    mailman-path is the location where mailman "lists" folder is installed. Mailman is usually installed in /usr/local. To find where mailman is installed run "locate lists". This will return a path like "/usr/local/mailman/lists". If /usr/local/mailman/lists exists, then mailman-path=/usr/local/mailman. In Fedora core 7 the mailman "lists" folder is installed in /var/lib/mailman. In this case mailman-path=/var/lib/mailman. We also need the path for mailman logs directory. Mailman logs are usually installed in mailman-log=path=/var/log/mailman
     ./configure --prefix=selspath --with-mailman=mailman-path --with-mailmanlogs=mailman-log-path 
    make
    su
    make install
  5. To check SELS prerequisites execute the following script.
    python SELScreate.py -i

    Install any missing software (refer FAQ) and upgrade to appropriate versions if necessary.

    1. Check if you have the Unlimited Strength Policy files for your Java version using:
      python SELScreate.py -p
    2. If you do not see a message "Unlimited Strength Policy Test Successful" then these files are not installed in your system correctly. To install them in the appropriate location follow these steps. Download the appropriate Java version Unlimited Strength Policy files, for example, for Java 1.6.X download from here to say /tmp. Unpack these zip archive. On Linux run "locate" command to find the location of the files namely US_export_policy.jar, local_policy.jar, COPYRIGHT.html and README.txt. These files must be present with the default version of Java installed on your machine. Copy the "Unlimited Strength" files from /tmp to overwrite these files. Repeat Step 5a.

  6. Copy Mailman handlers for SELS. Follow instructions in the file MailmanREADME to apply the Mailman patches.
    cp /usr/local/sels-X.X/LS/bin/Mailman_Handlers/*.py  ~/mailman/Mailman/Handlers/ 
  7. Add "SELS" handler to the global pipeline at ~/mailman/Mailman/Defaults.py . To do so put the following line at the bottom of the script ~/mailman/Mailman/mm_cfg.py. This will find 'Moderate' in the list and insert 'SELS' at that point. More information is here.
    GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Moderate'), 'SELS') 
  8. Restart mailman using:
    ~/mailman/bin/mailmanctl restart
  9. Edit /usr/local/sels-X.X/LS/bin/SELSLSConfig.py to change any default values if necessary. Make sure you have a GnuPG signing and verification keypair for List Server Admin.

Usage

Say you are the List Server admin and your email address is selsadmin@pkirack1.ncsa.uiuc.edu. Let us say the List Moderator creates a list called "mylist" at the NCSA List Server.

Creating a secure list

  1. Edit sels-X.X/LS/bin/SELSLSConfig.py and change "Global Variables" for your List Server.
  2. You will receive an email with subject " Request to create list mylist" from the List Moderator.
  3. su 
    cd /usr/local/sels-X.X/LS/bin
    python SELScreate.py -l mylist
    Choose option 1 i.e. "Create local keyring for list" and follow instructions. Use gpg --list-keys to list keys in your keyring and note the key id for List Server Administrator's key. Use gpg --export-secret-key -a <List-server-admin-keyid> and copy the output and paste it when the requested.
  4. Edit the script sels-X.X/LS/bin/sendemailtoLM.py and change the list creator password you have set for Mailman running on your List Server. Execute this script. Choose option 1 "Send signature verification key to LM" and then option 2 "Send list creator password to LM"
    python sendemailtoLM.py 
  5. You will then receive a list creation email from mailman, when the List Moderator creates mylist via the web interface at NCSA List Server.
  6. Now you should edit the /etc/aliases files and paste the following lines (assuming mailman is installed at /usr/local) for mylist at the bottom of the file.

    ## mylist mailing list

    mylist: "|/usr/local/mailman/mail/mailman post mylist"

    mylist-admin: "|/usr/local/mailman/mail/mailman admin mylist"

    mylist-bounces: "|/usr/local/mailman/mail/mailman bounces mylist"

    mylist-confirm: "|/usr/local/mailman/mail/mailman confirm mylist"

    mylist-join: "|/usr/local/mailman/mail/mailman join mylist"

    mylist-leave: "|/usr/local/mailman/mail/mailman leave mylist"

    mylist-owner: "|/usr/local/mailman/mail/mailman owner mylist"

    mylist-request: "|/usr/local/mailman/mail/mailman request mylist"

    mylist-subscribe: "|/usr/local/mailman/mail/mailman subscribe mylist"

    mylist-unsubscribe: "|/usr/local/mailman/mail/mailman unsubscribe mylist"

    Run newaliases to update the alias information for mylist.

  7. To use SELS effectively, some changes to the list settings are needed. These changes are as follows:
    • Message footer option under Non Digest Options are turned off.
    • Under the Privacy options, "Confirm & Approve" is chosen for the question "What steps are required for subscribing?"
    • Digest option for batch delivery of email are turned off.

    At present you will make these changes for each list.

  8. Now Execute the following script at /usr/local/sels-X.X/LS/bin
    python SELScreate.py -l mylist

    and choose option 2 i.e. "Create mailman keyring for list". This script will create a GnuPG keyring SELS for mylist under/usr/local/mailman/lists/mylist and install the List Moderators signature verification key in this keyring. All the keys related to mylist will be installed here.

  9. Finally execute
    python sendemailtoLM.py
    and choose option 3 "Send update to LM after completing manual steps".

All the remaining processes at List Server, such as List Server key pair generation and installation, List Subscriber corresponding key pair generation and installation, sending emails to List Moderator and List Subscribers, are handled automatically by the SELS code. View the SELS log using tail -f ~/log/mailman/SELS.log. View the mailman log using tail -f ~/log/mailman/error.


Copyright 2000-2008 Board of Trustees of the University of Illinois.