Mailman3 on a VPS using VirtualEnv and and a Third Party SMTP service

Initial Notes

I’ll edit this post as I discover new things, and may not explicitly mark any changes

I installed Mailman3 on a cheap VPS using the instructions at https://docs.mailman3.org/en/latest/install/virtualenv.html. I’m using Mailersend to send the emails, but receiving emails in the server using postfix.

I ran into several difficulties

It helps to have gnu-screen installed so you can switch between a screen in which you’re signed on as mailman and one in which you’re signed on as a standard sudo privileged user

Dependencies

The dependencies should include gcc gettext and . So..

sudo apt install python3-dev python3-venv sassc lynx

should be

sudo apt install python3-dev python3-venv sassc lynx gcc gettext

/bin/bash

On my server, bash isn’t at /usr/bin/bash, it’s just /bin/bash. so instead of ..

sudo useradd -m -d /opt/mailman -s /usr/bin/bash mailman

use ..

sudo useradd -m -d /opt/mailman -s /bin/bash mailman

psycopg2

As the notes suggest, you don’t have to hold back the version of psycopg2-binary anymore. So instead of

(venv)$ pip install wheel mailman psycopg2-binary\<2.9

use

(venv)$ pip install wheel mailman psycopg2-binary

/etc/mailman3/mailman.cfg

The instructions don’t say specifically, but you’ll have to create the /etc/mailman3 folder

Follow instructions that are in the content of the file to create mailman-hyperkitty.cfg. Change the example passwords, keys, and email addresses

Apache2 Mods

I’m using Apache, so the appropriate mods have to be enabled

a2enmod proxy_http a2enmod proxy a2enmod headers

Gunicorn

I’m using Gunicorn. The instructions have you create a file /etc/mailman3/gunicorn.conf but Gunicorn throws a warning about the file name because it wants it to have a python extension.
So add .py to the end of the file name and make it /etc/mailman3/gunicorn.conf.py.

You’ll also have to change the reference to that file in the ExecStart line in /etc/systemd/system/mailmanweb.service

EMAIL_HOST parameters – using a third party smtp service

(This has been extremely frustrating)

I put the following code in /etc/mailman3/settings.py

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.my_external_smtp_service.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'the_user_name_my_smtp_service_gave_me'
EMAIL_HOST_PASSWORD = 'the_password_my_smtp_service_gave_me'
EMAIL_USE_TLS = True

and Mailman3 seemes to ignore it all. But what’s truly frustrating is when I did a test using mailman-web sendtestemail (iaw https://docs.mailman3.org/en/latest/config-web.html), it worked fine. But in operation, if I send an email to an email list, that email won’t be forwarded to list members using those parameters

In retrospect, I understand why. It’s not mailman-web’s job to forward to email lists. That task belongs to mailman core. But for anyone following instructions trying to get this to work, it could be frustrating.

I think those parameters have to remain in settings.py for mailman-web to work (not sure, I’ll test it eventually), but also those parameters go in /etc/mailman3/mailman.cfg as

incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver
lmtp_host: 127.0.0.1
lmtp_port: 8024
smtp_host: smtp.my_external_smtp_service.com
smtp_port: 587
smtp_secure_mode: STARTTLS
smtp_user: the_user_name_my_smtp_service_gave_me
smtp_pass: the_password_my_smtp_service_gave_me

With those parameters in mailman.cfg, it works fine so far

DMARC Mitigation

This may be important to anyone using an external SMTP service

I got to the point where all of the admin messages were going out fine, but the messages to list members were being rejected by my SMPT service, Mailsend.

The problem was I was sending test messages from a domain that wasn’t verified by Mailsend. Which makes sense because the whole world of people who might send a message to the list won’t all have domains verified in my Mailsend account.

The solution is to set DMARC Mitigation in the list settings (as of my writing this, I don’t know of a global setting or a way of changing the default setting, so this has to be done for each list)

This can be done through the web site. In the settings for you list, click ‘DMARC Mitigations’ in your side bar. Pick the ‘Replace..’ or ‘Wrap..’ option – I chose Replace, and click ‘Yes’ for unconditionally.

With this setting, even if someone sends an email from someone@someemail.com, the forwarded message will be from your domain.

Avoiding Facebook’s Toxic Suggestions

I feel the need to check Facebook periodically because of some pages that I help maintain and some family and friends who I want to check up on. Because FB is addictive, I usually end up mindlessly scrolling for a minute or two.

But that mindless scrolling usually stops after I see a couple of posts labeled “Suggested for you” with click-bait memes linking to pages that glorify conspiracy theorists or promote toxic anti-woke right wing pages. Instead of taking the bait (and it’s sometimes very hard not to), I close out Facebook for the rest of the day and edge closer to the day I won’t open it up again

The hardest part about joining Mastodon is finding an instance (aka server)

Mastodon is a decentralized social networking system. Decentralized means it’s not owned by one entity, and several instances are run by individual people who are not wealthy. With little bit of time, not too much money, and some technical skills, you can start your own if you wanted to. But most people find instances to join.

The hardest part about joining Mastodon is finding an instance, also known as a server. Some places to help find instances are:

• https://instances.social/,
• https://mastodon.help/instances,
• https://joinmastodon.org/servers, and
• https://github.com/McKael/mastodon-documentation/blob/master/Using-Mastodon/List-of-Mastodon-instances.md

Don’t sweat choosing an instance too much. You can join one instance and follow people from other instances, And you can also change instances if you don’t like the one you joined. Obviously, as soon as you join, you should follow @bnmng@assortedflotsam.com.

Before logging in, most instances let you look at their /about page, and from there you can usually find a ‘Moderated Servers’ section and see the instances they block and why they block them. You can also usually browse a /directory page and see their users – but only those who choose to make their profiles public.

Following is a list of a few instances that my friends might find interesting, and that seem to be open to registration. Since I work at a library, several of these are geared towards others who do so. A few others are technical or progressive leaning

I might start my own instance someday, but for now I’m a member of https://assortedflotsam.com. That is a small instance, and may switch to invitation-only of too many registrants show up. That’s unlikely to happen as a result of this blog post. If you join this instance, consider buying Smeg a cup of coffee, though he doesn’t nag anyone to do so.

https://c.im describes itself as “a general, mainly English-speaking Mastodon instance.” I don’t know much about them, but Santa Clause is a member. They seem like mostly good people

https://deacon.social is an instance for Christians. They seem like good Christians. They’ve blocked servers for anti-trans and anti-LBGT hate speech

https://glammr.us is an instance for “galleries, libraries, archives, museums, memory work and records”.

https://hachyderm.io They are “hackers, professionals, enthusiasts, and are passionate about life, respect, and digital freedom.”

https://hcommons.social describes themselves as a microblogging network supporting scholars and practitioners across the humanities and around the world. They came up when I searched for “librarians”

https://mastodon.lol describes itself as “A Mastodon server friendly towards anti-fascists, members of the LGBTQ+ community, hackers, and the like.”

https://mastodon.social: This is the big one. It’s run by the guy who invented Mastodon and has over 200,000 users. In my opinion, it’s better to join a smaller instance.

https://universeodon.com: George Takei is on Mastodon! and he’s at universeodon.com (but remember, you don’t have to be on his instance to follow him)

https://zirk.us is an instance for “Literature, philosophy, film, music, culture, politics, history, architecture.

Updates
12/20 – I added the paragraph about viewing /about, moderated servers, and /directory

My Thanksgiving, 2022

My wife and I never go anywhere together for more than a few hours because of the farm and the pets. It’s not a real farm. It’s just a couple of hogs, goats, and chickens that we keep for our own use, but the animals are real, and they need food and water which means they need someone around to care for them every day.

And the pets… I think my wife goes a little overboard and it seems to me that every time one of them sneezes, scratches, or eats less than the day before, it’s another trip to the vet and another round of pills to be administered every day. 

There’s a lot to do here and going away means finding someone to do it. So when my daughter insisted that we be together at her house in Colorado for Thanksgiving, my wife shouldn’t have caved. And I shouldn’t have caved to my wife. But we caved. 

Fortunately, my wife’s childhood friend agreed to fly in to take care of everything while we were away. Despite my wife’s email, which read more like a warning than a request, she said, ‘yes.’ Our friend has some family and friends in the area so it worked out for her to be in Virginia during Thanksgiving

Our plan was for my wife to fly to Denver on Saturday. Some time later, our friend would fly in to Norfolk and I would pick her up. My son would drive to our house from North Carolina Tuesday night, then he and I would fly together Wednesday morning. The family would be together for Thanksgiving, then my wife, son, and I would fly back to Norfolk Friday evening. So far, it seemed like a good plan.

My wife occasionally bakes and decorates cakes for Icing Smiles, and she had a cake to deliver in Chesapeake before we left. We had to do that Saturday morning on the way to the airport. My wife had been working on the cake through Friday night and into the morning, so the morning was a bit of a rush. But we delivered the cake and made it to the airport on time for the flight

By some miscommunication, our friend got a flight to Norfolk for Tuesday evening – not leaving enough time for me to show her what to do. But at least we’d have a couple of hours so I could show her where everything was. That and a lot of notes would have to do.

Part of the plan was for my son and I to leave his car at the airport and leave my wife’s car home for our friend. But my son called me Monday night and said he had a slow leak and was worried his tire would go flat in the airport garage. And that’s not all. His cigarette lighter wasn’t working so not only would the tire be flat, we wouldn’t be able to power a pump to fill it.

On Tuesday morning I called Tire Choice in Suffolk and asked if they’d be able to fix a slow leak if I could get the car in at 5:30 PM. They said they could, so I made an appointment. I told my son he had to be on time because they close at 6.

Our friend’s first flight was delayed so she missed her connection. She would arrive in Norfolk Wednesday in the late morning. That meant I wouldn’t be picking her up from the airport, there would be no time to show her around, and I had to deal with the farm and the pets before sunrise Wednesday morning. I spent part of my day revising my notes for extra clarity and dividing feed up into sacks so I wouldn’t have to worry about explaining how I portion out the feed for the hogs.

My wife had the idea of my son and I driving separately to Norfolk so our friend could take my wife’s car home.

My son arrived on time, at 5:30 Tuesday evening, but after fifteen minutes the guy at Tire Choice said, “I know you had an appointment, but we can’t work on it. I can’t get any technicians to stay late enough”. I don’t want to go into the conversation we had, but it was futile. We couldn’t get the tire fixed, so we had to get the cigarette lighter working.

It was simple. A blown fuse. But we also needed a new pump because the plug was broken. It worked, but it was hard to stick in and remove from the cigarette lighter and I was worried it might blow the fuse again. That will be easy to fix but I wasn’t going to fix it that night. We went back out to get a new pump. By the time we got back it was getting late and I still hadn’t finished packing.

Eventually I finished packing, but that didn’t matter because after a short night of sleep, rushing to get the farm animals fed in the dark, getting the pets fed and medicated, and doing last minute checks to make sure the house was ready for our friend, I left my bag at home. I knew it before we were even on the road for five minutes, but there was no time to turn back.

My son was also a bit tired when he followed me in through the airport parking gate. This was his first time driving to the airport. He didn’t notice me reaching out for a parking ticket, and after I got my ticket, he followed me in so closely that the bar didn’t come down between us, and never got a ticket for himself.

That was our trip out. After that, everything was, for the most part, fine. 

We had a pleasant Thanksgiving. My wife, daughter, and son-in-law prepared a lovely meal, and we noshed on leftovers for breakfast the next morning while playing pool in my daughter and son-in-law’s basement. I even got to play technician and helped fix a problem with their sound bar. 

Forgetting my bag was nothing a quick trip to Walmart couldn’t make up for, and I got to spend three days without my laptop, which was probably good for me.

Our scaredy-cat dog peed upstairs because he was too afraid of our friend to come downstairs to get to the back yard. But our friend cleaned the mess and it’s like it never happened.

The missing ticket wasn’t a big deal. It only took a few minutes for the cashier to confirm ownership of the car and look up the license plate, which was recorded when we arrived. They only charged us for the three days. I had expected a penalty to make up for the inconvenience, but there was none. Kudos to Norfolk Airport Parking.

When we got back, there was more hay left over than I was expecting, so our friend unintentionally put the goats on a bit of a diet, but they don’t seem any worse off for it.

All in all, it was a good Thanksgiving for us, and I’m thankful for that.

Updates
11/27 – I removed the line about watching the word cup. I watched one match but shouldn’t have, and don’t want to encourage it. Qatar is awful and FIFA is awful

Don’t Kill Democracy Over Lies

If Republicans win as a result of the 2022 elections, they will weaken our democracy by removing laws that make it easier to vote, and election officials in several local and state governments will overturn election results that they don’t like.

This may not be be the irreversible dystopian nightmare that some of us envision – or it may – but either way it won’t be good. We will have lost decades of progress in American democracy. This is what some of our fellow Americans want.

Others will have let it happen because we fell for lies.

The biggest lie driving people away from Democrats is about inflation. The truth is, the United States is handling inflation better than most.

As explained in the video I embedded below, the united states is “in the middle” compared to other nations regarding inflation. But the video doesn’t emphasize (though it does mention) that even compared to those nations that have lower inflation, the U.S. economy is still stronger because of other factors, like jobs.

Assistance provided by the American Rescue Plan helped the U.S. economy. As David Lynch writes:

More than 8 million Americans who were jobless in March 2021 are now working. The economy last year posted its fastest growth since 1984 and ended the year more than 3 percent larger than before the pandemic.

David C Lynch, Washington Post, October 9th, 2022

Other lies being told by the right are the vicious culture war lies. What the right wing is calling “CRT” and accusing public schools of teaching is merely the truth about racism in the United States, and nobody is trying to indoctrinate your kids to be gay or trans.

And of course, there’s the big lie about stolen elections. A lie refuted by several Republican politicians and election officials, including more than sixty federal judges, some of the them Trump appointees, who shot down the suite of lawsuits known as “the Kraken”

The people who shouted “do your own research” while promoting dis-proven Covid-19 cures now want to make sure you don’t research global inflation rates, what’s actually being taught in public schools, and the thousands of lies told by Donald Trump and Republicans who support him.

Our elections where never completely free and fair, but we had been making progress. That’s what Republicans are trying to kill. Don’t let them do it because you feel for a bunch of lies. Vote Democrat

A Point About Race-Conscious Admissions in Higher Education

From the What-A Day newsletter

There’s an elephant in the room that none of the conservative Justices nor anyone railing against affirmative action seems to want to discuss: legacy students. A 2019 report from the National Bureau of Economic Research showed that 43 percent of White students admitted to Harvard from 2009-2014 were either recruited athletes, legacies, applicants on the “dean’s interest list” (aka the children of wealthy donors) and children of faculty and staff. More pointedly, a whopping 75 percent of the White students admitted under those privileged categories, particularly legacies, would have been rejected had they not been given those bonus points. The acceptance rate for legacy students at Harvard is about 33 percent, compared with the school’s overall acceptance rate of under six percent. But the Edward Blums of the world deem this kind of affirmative action acceptable.

What a Day Monday, 2022/10/31

A Tweet Thread about Musk’s Free Speech Hypocrisy

Below is the text of a tweet thread by @JoshuaPHilll. I put it here so you don’t have to go to Twitter if you don’t want to, but you do want to, you can use the link in the previous sentence.

Elon Musk is again claiming that he’s all about free speech. So let’s look at the record. Here’s thread with just a few of the countless examples showing he couldn’t care about it less

1. There’s the time he called Vernon Unsworth, the man who helped rescue 12 boys trapped in a mine in Thailand, a “pedo guy” and paid $50,000 to an investigator to dig up Unsworth’s life. Why? Because Unsworth called his failed attempt help the boys himself a “PR stunt.”

2. Then there’s the story of John Bernal, who was fired six days after posting a YouTube video of a Tesla accident.
https://www.cnbc.com/2022/03/15/tesla-fired-employee-who-posted-fsd-beta-videos-as-ai-addict-on-youtube.html

3. Then, there’s Martin Tripp, a technician at a Tesla plant in Nevada who blew the whistle on the company. Musk allegedly hired people to hack and spy on Tripp after he cast doubts on Tesla’s environmental credentials.
https://www.bloomberg.com/news/features/2019-03-13/when-elon-musk-tried-to-destroy-tesla-whistleblower-martin-tripp

4. Musk also is anti free-speech when it comes to labor organizing. Tesla worker Richard Ortiz was fired for trying to organize with the United Auto Workers, a move that was declared illegal by a labor board.
https://www.nytimes.com/2021/03/25/business/musk-labor-board.html

5. Then there’s the time Tesla asked China to censor comments that were critical of the company.
https://www.bloomberg.com/news/features/2021-07-05/tesla-s-fall-from-grace-in-china-shows-perils-of-betting-on-beijing?sref=LPaI0SF6

6. There’s also the time Musk tried to out an anonymous Tesla critic, and skeptical investor who goes by “Montana Skeptic” to their employer.
https://popular.info/p/musk-is-a-free-speech-absolutist?s=r

7. He also has tried to use Twitter itself to suppress worker speech and organizing, a move deemed illegal by the NLRB
https://www.nlrb.gov/case/32-CA-197020

8. I wrote about this back when his Twitter bullshit saga started, and of course there’s more in the articles linked above as well. And many more stories out there, but for anyone who believes that this is about him loving free speech, please dig deeper.
https://www.independent.co.uk/voices/elon-musk-twitter-free-speech-b2065880.html

The Mastodonian Church

Mastodon is not a church, but I’m going to explain Mastodon and the Fediverse with a church analogy. I think this analogy should work, especially for my people in Suffolk, Virginia, a lot of whom are more familiar with their church than social media. So here goes.

Imagine Facebook is a megachurch.  Image the same about Twitter and other social media giants.

Now imagine a smaller church. Maybe it’s a church with no more than a dozen members.  Except here’s the thing: They have a networking system which connects them to other churches.  So with this technology, they can join millions of other members in different churches all over the world, almost as if they’re part of a big megachurch

There is no authority dictating membership in the network. Any organization that installs the necessary equipment can join. Since any organization can join, they’re not all the same religion. They’re not even all churches. Some organizations are small and some are big.

For the most part, this variety is good, but it means that some of the organizations have beliefs or practices that others find offensive. There’s an answer for that. Your church can choose which other organizations it wants to hear from. So if there’s some racist church or club out there on the network and your church doesn’t want to hear from them, they don’t have to.

Wrapping up this analogy:  The Fediverse is the network that connects all of the organizations. Mastodon is one type of ‘equipment’ that your church can install to be part of the Fediverse. Mastodon is not really equipment, it’s software. When one person or organization uses Mastodon to connect their users to the Fediverse, that installation is called a Mastodon server or Mastodon instance.

Mastodon is free to download and if I wanted to, I could set up my own Mastodon server. There are plenty of guides out there, including this one. But for now, I’m a member of someone else’s server, as most people on the Fediverse are.  I’m a member of a Mastodon server called assortedflotsam.com.  

Who runs assortedflotsam.com? A regular guy as far as I can tell. He calls himself “Smeg” on line but I don’t know his name. He lives in the United States, has a job that he sometimes complains about, and he mentions his son on occasion. Other than that, I don’t know much about him. I know he runs a Mastodon server with about 40 users and doesn’t ask for anything in return. And I’m grateful for that. I once asked if he needed help with the server costs but he said he didn’t. Still, I’m pretty sure he’s not wealthy or he wouldn’t have that job he complains about.

Other servers are run by organizations or groups of volunteers and some have hundreds of users. Some are easy to join, others are closed, and others are by invitation or have wait lists.

When you sign on to a Mastodon server, you’ll see a column of toots, which are analogous to Twitter’s tweets, from everyone you follow. This is your Home screen. Honestly, I don’t remember what happens when you first sign up and aren’t following anyone yet. I think there’s ‘getting started’ screen to help you.

On the right side, you can see a few menu items including Local and Federated. If you click Local, you’ll see toots from other people on your server. If you click Federated, you’ll see toots from everyone on your server plus toots from everyone that people on your server follow. The federated timeline is a good way to connect to others around the world.

There’s also a multi-column option that you can get to in settings, which allows you to see all of those columns at once.

Assortedflotsam.com is just one of thousands of Mastodon servers, and since it’s very small and run by just one person, it’s not taking on new members except by invitation. You can find a list of others at https://joinmastodon.org/servers, https://instances.social/list, and https://fediverse.party/en/portal/servers. That last one doesn’t just list Mastodon because Mastodon is just one way to connect to the Fediverse. From whatever server you join, you can find and follow me, bnmng@assortedflotsam.com. And if later you decide that you don’t like the server you’re on, you can join a different one.

Mastodon is more chaotic than big, commercial, social media because there is no algorithm designed to serve you more of what you’re addicted to. I found it harder to find conversations about what I’m interested in and it took a while to connect with users that I enjoy interacting with. But that slowness is worth it to me, because I know I’m not being force-fed content.

We’ve seen the damage that big social media can do. If you want to connect to people in a non-commercial environment run by volunteers, with no technology feeding you what they want you to see, then give one of those many Mastodon servers a try.

Updates:

• 2022 10/30: At first I only described the multi-column layout because I didn’t realize Mastodon changed it’s default format for new users to the single column layout. Thanks to https://mstdn.social/@feditips for letting me know about the change.
• 2022 10/30: I added the note about the mastodon set up guides and made some other small changes throughout the post

Some kind of WordPress glitch

The three or four people who ever see this blog may have noticed something glitchy with the past couple of posts. The image for the Republican post didn’t display so I deleted the image and re-uploaded it, but it still didn’t work so I deleted the post and re-wrote it. But now there are two near-duplicate posts and for some reason, I can’t delete one.

Not only that, but the image from the post I made earlier disappeared so I reloaded that image.

I never knew WordPress to be glitchy before.

Republicans