The mailing list for listmasters using Sympa

["Goltz, Immo" <address@concealed>]

Thank you Terry for your prompt reply and the very helpful link.

But the trouble in our installation is:

1. footer/header work with user.optout_uuid but tt2 templates do not.

2. auto_signoff behaves like signoff, authentication message is send.

Immo

---

Von: McLaren, Terry <address@concealed>
Gesendet: Dienstag, 4. Oktober 2022 18:39
An: Goltz, Immo; address@concealed
Betreff: [EXTERN] RE: problems with auto_signoff behaviour and with accessing db_additional_subscriber_fields fields in templates

 

Greetings Immo – There are a couple of settings the lists will need to be configured before the footer/header will work.  I’ve written up the setting config and provided a couple of footer examples at:  https://wiki.illinois.edu/wiki/display/Sympa62/Message+templates.   We discourage the use of auto_signoff because the one-time token has caused unintended unsubscribes for some of our mail list users.

 

Hope this helps,

 

Terry McLaren

 

From: address@concealed <address@concealed> On Behalf Of Goltz, Immo
Sent: Tuesday, October 4, 2022 9:58 AM
To: address@concealed
Subject: [en@sympa] problems with auto_signoff behaviour and with accessing db_additional_subscriber_fields fields in templates

 

Hello,

 

we are running Sympa 6.2.68.

Currently we try to tweak unsubscribing a bit. It should be easy for subscribers to leave but also safe from abuse.

 

Step one, we use auto_signoff instead of signoff.

We understood the documentation that auto_signoff unsubcribes a user from a list without authentication.

But no matter if we use signoff or auto_signoff authentication is needed. Subscriber clicks on link in mailing, Sympa GUI opens. Press "confirm" leaving list. This generates an auth mail which has to be clicked and confirmed as well. With auto_signoff this auth should not happen we think (problem 1).

 

Step two, guard auto_signoff.

We think auto_signoff is intended to signoff without auth (which does currently not work in our installation, see above). But to have some safety net against malicious attempts to unsubscribe someone else we implemented a personal token.

We added optout_uuid to db_additional_subscriber_fields parameter in sympa.conf and introduced a Sympa::Template::Plugin::CheckUUID plugin which is called from a modified confirm_action.tt2 (to be honest we had significant help doing so).

Then message_footer with

[% wwsympa_url %][% 'auto_signoff' | url_abs([listname], {email => user.email, uuid => user.optout_uuid}) %]

creates the new unsubscribe links. Which works fine.

But having the same unsubscribe link in welcome.tt2 the uuid paramter is empty. So problem 2 is user.optout_uuid seems not to work in welcome.tt2 (maybe other templates too) however it works in message_footer.

 

 

Roundup

1. According to doumentation does auto_signoff unsubcribes a user from a list without authentication. In our installation we don't see a difference to signoff, auth is needed in both cases.

Do wee need special list configuration to achieve the auto_signoff without authentication?

 

2. We want to place the unsubscribe link in the welcome.tt2 and in the message_footer.

In both cases we use the URL:

[% wwsympa_url %][% 'auto_signoff' | url_abs([list.name], {email => user.email, uuid => user.optout_uuid}) %]

In the processed welcome.tt2 the UUID is not set, in messge_footer the UUID is set.

How to access optout_uuid, a db_additional_subscriber_fields field, from all the templates (tt2 files) and message parts (header/footer or body using personalization_feature)

 

Thank you in advance

​Immo Goltz

 

Achtung! Externe E-Mail. Bitte keine Links oder Anhänge anklicken, außer Absender*in ist bekannt und der Inhalt sicher.
[Caution! External email. Do not open attachments or click links, unless this email was received from a known source/sender and you know the content is safe.]