mailman archive setup failing

greenTara

Registered
Dec 21, 2012
2
0
1
cPanel Access Level
Website Owner
I have recently moved our non-cPanel website to a cPanel on Litespeed shared-host service.

We had several Mailman lists on the previous site. I managed to set these up on the new site and transfer the subscribers. But the sys admins have been unable to include our old archives in the new archives. Other than across the board failure to capture the old emails, there has been considerable variation among the list. Some lists created empty archives when directed to do so, and are now storing new emails. Some other lists have failed to set up archives, one giving a 403 error, the other a 404 error.

When I contacted the support desk for this service (after providing detail instructions on the mailman commands to run inorder to set up the archives), I got the following explanation

" There has been recent use of a type of exploit where using symbolic links could allow someone to read other files. As a result operating systems and web servers implemented a new feature to only follow symbolic links if the owners match. The problem being right now cPanel the owners are not matching causing this issue. We just cannot turn off this feature so we simply have no way around it."

That seems to transfer the responsibility for dealing with this problem to cPanel.

So, I'd like to know if this business with symbolic links has been reported as an issue, does it make sense as something that cPanel needs to address, and if so, is there any progress and expected date of resolution?

Thanks, Tara
 

greenTara

Registered
Dec 21, 2012
2
0
1
cPanel Access Level
Website Owner
I see that the symlinks issue now has status "Resolved". Does them mean the problem with cPanel's Mailman will go away? Based on what I read, that is not clear to me.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
I see that the symlinks issue now has status "Resolved". Does them mean the problem with cPanel's Mailman will go away? Based on what I read, that is not clear to me.
There are several different solutions offered to handle symbolic link attacks listed here:

Handling Symlink Attacks

As far as the issue with Mailman, we would need to know the specific error message or symbolic link associated with mailman that the provider is not able to restore.

Thank you.