A short link to this page is https://wiki.list.org/x/4030714

Clear message

4.66. How do I disable "bulk" pipermail archive files (.mbox and .txt)?

Mailman config (mm_cfg.py) supports PUBLIC_MBOX=No, which really only changes the look&feel of the pipermail archive so that it isn't readily apparent that users can download <list>.mbox files. HOWEVER, this in no way prevents savvy users from actually downloading those files. The .mbox and archive .txt files contain raw email addresses, and spammers have been known to download these to get lots of valid (interest specific) email addresses. Here are my recommendations on how to suppress access to these files:

In Apache's httpd.conf enable mod_redirect and use these rules: 

     RedirectMatch permanent /mailman/private/.*/.*\.txt /mailman/
     RedirectMatch permanent /mailman/private/.*/.*\.mbox /mailman/
     RedirectMatch permanent /pipermail/.*/.*\.txt /pipermail/
     RedirectMatch permanent /pipermail/.*/.*\.mbox /pipermail/

The above Apache rules strictly inhibit the downloading of the .mbox and .txt files. The side affect of redirecting the user to http:///mailman/ or http:///pipermail/ is that the user is presented with a "Forbidden" web page. You could override/change this to point the user to a custom site specific "Go Away" page by changing the RedirectMatch statements.

Now that the user doesn't have the capability to download .mbox and .txt files, you can make this change to Mailman/Archiver/HyperArch.py to disable the presentation of the "Downloadable version" (*.txt or *.txt.gz) files from each list main archive page. 

 -begin file------------------------------------------------------
 --- Mailman/Archiver/HyperArch.py.orig   Wed Jan 25 18:04:13 2006
 +++ Mailman/Archiver/HyperArch.py        Wed Jan 25 18:04:16 2006
 @@ -817,6 +817,8 @@
          else:
              # there's no archive file at all... hmmm.
              textlink = ''
 +
 +        textlink = ''
          return quick_maketext(
              'archtocentry.html',
              {'archive': arch,
 -end file---------------------------------------------------------

Save the above code (excluding the begin/end lines) to a file called hyperarch.patch. Then cd into your Mailman directory (default is /usr/local/mailman) and execute these commands: 

 $ cp Mailman/Archiver/HyperArch.py Mailman/Archiver/HyperArch.bak
 $ patch -p0 -u &lt; hyperarch.patch

The above patch will prevent your list archives from displaying a URL to download the raw archive .txt or .txt.gz files. Now, the only remaining issue is that the main list archive page (http:///mailman/pipermail/): 

        &lt;table border=3&gt;
          &lt;tr&gt;&lt;td&gt;Archive&lt;/td&gt;
          &lt;td&gt;View by:&lt;/td&gt;
          &lt;td&gt;Downloadable version&lt;/td&gt;&lt;/tr&gt;

to this: 

        &lt;table border=3&gt;
          &lt;tr&gt;&lt;td&gt;Archive&lt;/td&gt;
          &lt;td&gt;View by:&lt;/td&gt;
          &lt;/tr&gt;

In the future I hope that this FAQ entry can go away and that Mailman will properly support chmod'ing private//.mbox and private//.txt archive files when the site sets PUBLIC_MBOX=No.

Questions? email me jimpop@yahoo.com

Converted from the Mailman FAQ Wizard

This is one of many Frequently Asked Questions.