Skip to end of metadata
Go to start of metadata

Mailman 3.0

This is where I am collecting the feature list and other artifacts for Mailman 3.0 which will be a major upgrade for the project. Many things that people have been wanting for years will be addressed, most notably a unified user database, true virtual domain support, and backing the Mailman data in a real database layer. From a development perspective, we will be adopting a very strict test-driven development model, utilizing modern Python technology and coding styles. The focus will be on providing core Mailman as a library for easy integration into other frameworks and sites, while continuing the tradition of providing a turnkey solution with all the necessary parts, making it even easier to download, install, and go.

There is currently no ETA for Mailman 3, but development is moving quickly. Contributors are welcome and encouraged! Discussions will happen on the mailman-developers mailing list. Anyone can check out and use the current development source branches. The list below is not a commitment of features (unless marked with a Done (smile) ). Add your own as comments and I will move as appropriate into the wish list. You might also want to consider looking at the much more modest Mailman 2.2 branch.

To Do List

Here are things we need to do before MM3 can be released.  This list is starting from what was left over after PyCon Sprint 2013.

  • Mailman Suite:
    • Integrate hyperkitty/postorius into a single django install
    • Package Mailman 3/Hyperkitty/Postorius together with appropriate setup scripts
    • Internationalization
    • Migration scripts
    • mailman 2 & 3 co-existing?
  • Core
    • Ability to add/remove addresses to UserAddress resources via the API
  • Postorius
    • Add user settings page (Likely to be completed as part of stylistica's summer of code work; may need temporary fix sooner)
    • Add ability to add/remove email addresses from a user record (currently waiting on discussions with core about how to do this.  Will we need to send email confirmations?)
    • Add ability to remove moderators/owners from a list
    • subscription moderation
    • non-member disposition [Put list of non-members in list settings with allow/deny, etc]
    • Implementation of django-browserid + custom audience checking
  • Hyperkitty



(Potential) feature set

Compatibility and code cleaning

  • Python 2.6 or newer is required.
  • Switch to email 4 (Done)
  • Use Python's standard logging package throughout. (Done)
  • Convert the last of the string exceptions in to class exceptions
  • Remove all unnecessary _future_ statements (Done)
  • Remove True/False hackery (Done)
  • Fix unit test suite! (Done)
  • Eliminate the use of types module as much as possible (Done)
  • Use the optparse module throughout instead of getopt. (Under way)
  • Use the subprocess module instead of things like os.popen().

Wart removal

Message cleanup

  • Strip nodup recipients from both the To and Cc headers, and juggle recipient headers so that the list address is always in the To field. This might address the other major complaint against no-reply-to-munging, recipient proliferation.

Web U/I

A web UI improvement project was undertaken for the 2006 summer of code. Although there were good ideas, we didn't end up with anything usable, so a new u/i subproject was coordinated. A link to this project can be found here.


  • Add an option to allow verified non-members to post to the list. A verified non-member is someone who posts to the list and responds in the affirmative to a confirmation message. A verified member can post in the future (think Gmane).
  • Rosters should not be public by default.
  • Get rid of password reminders altogether. Encrypt member passwords and use a password reset feature instead of a reminder. (Done)


  • Clean up our Unicode story! All strings should be Unicode internally, with conversion at the boundaries of the system. IWBNI we could get rid of all the catches of UnicodeErrors, however we may have to make changes to things like the email library.
  • Switch to a new templating system that lets us share templates across languages, but extract messages for the catalog.
  • Finish the transition to an externally managed translation system
  • Switch to $strings (i.e. string.Template instances) for all i18n substitutions. We should be able to mechanically update all existing translations. (Under way)
  • Language variants (e.g. en_UK)

Spam defenses

  • Possibly integrate Spambayes or SpamAssassin or pyzor.
  • Hook into the LMTP process so that messages can be disposed of as early as possible. Check potential senders and recipients at LTMP time. (Under way)
  • Suppress backscatter bounces when SPF headers do not match.


Note that what we can accomplish here will be based on the availability of an Archiving Champion.

  • Reconsider using a 3rd-party archiver
  • Perhaps URLs to messages should be based on message-ids instead of message numbers so that regenerating archives can't break links. This must include backward compatible links
  • Ditch direct access and vend all archive messages through CGI so that we can do address obfuscation, and message deletion, etc. on the fly (with caching of course, but have to worry about web crawlers).
  • Add RSS feed
  • Allow for admins to remove or edit messages through the web.
  • Move archive threads into another list?
  • Put archives in the list/mylist directory.
  • Add a search option
  • Make archives default template look and feel similar to Web UI (whatever it looks like after the Summer of Code project is done)
  • Make archive templatable (at least by changing CSS) so they can match people's existing site look-and-feel
  • MUAs usually make URLs clickable. An new Archive could be used when posts are distributed, in the footer, so that each message has a link to the whole thread in the Archive.
  • Present all messages in a thread at once, and offer plaintext download of the whole thread
  • Put messages into a database and/or move away from mbox as the canonical storage format.
  • Make ISO 8601 compliant?


  • Improve admin statistics gather (# of posts sent, # bounced, # of domains accessed, which lists are quiet and which are busy) and make these available via the web interface.
  • Use a real RDBM on the back end, through a Python-based ORM. (Done)
  • Caps for list member count and outgoing messages per time slice.
  • Better feedback to users who have bounced (e.g. put a link to their last bounced message on their member page).
  • The 'digest option' needs to be improved to delete 'double messages'
  • Add a datetime of when the user subscribed (Done)
  • Add audit train for user subscriptions. Who added them? What checks were made?
  • Provide a better list-data export and import mechanism via XML. Possibly allow for data export via the web.
  • For Postfix, switch to Non-Postfix mailbox store: separate domains, non-UNIX accounts virtual domains and maildir delivery by default. Delivery mechanics for other MTAs may or may not change.
  • Partition queue directories into hashed subdirectories so that all queue files do not live in the same directory (which increases contention on the directory inodes and reduces overall performance).
  • Fix the bounce probe problem, and make bounce processing more efficient. Right now, it sucks.
  • Discard messages that have been in the bounces or shunt queues for a long time.
  • Include message headers in discard notifications - currently it isn't always possible to tell who sent a message that's been discarded, which makes it a bit pointless sending a notification. It would be nice to include brief headers in the first message part.
  • Increase user permission granularity per "checkbox requests" below
  • Add checkbox to moderation requests with option "Allow this user to ignore size limitations in the future"
  • Add checkbox to moderation requests with option "Allow this user to use implicit addressing in the future"
  • I don't know if this is a reasonable request or not, but if yes, could each user be allowed an override for post sizes (slightly different from above "ignore size in future" request)?
  • None