The mailing list for listmasters using Sympa

[Hatuka*nezumi - IKEDA Soji <address@concealed>]

Hi,

On 2022/10/04 23:57, Goltz, Immo wrote:
> Hello,
>
> we are running Sympa 6.2.68.
>
> Currently we try to tweak unsubscribing a bit. It should be easy for 
> subscribers to leave but also safe from abuse.
>
> Step one, we use auto_signoff instead of signoff.
>
> We understood the documentation that auto_signoff unsubcribes a user 
> from a list without authentication.
>
> But no matter if we use signoff or auto_signoff authentication is 
> needed. Subscriber clicks on link in mailing, Sympa GUI opens. Press 
> "confirm" leaving list. This generates an auth mail which has to be 
> clicked and confirmed as well. With auto_signoff this auth should not 
> happen we think (problem 1).

I couldn't find that the documantation states that auto_signoff
unsubcribes a user from a list "without authentication".

The description of this feature as it first appeared in the manual
is as follows:

| Note: It is essential that the list messages don't contain a link that
| actually unsubscribe users, because list messages are forwarded,
| replied to, and therefore the unsubscription URL would be forwarded to
| potentially a lot of people. Consequently, we put only an URL which
| will trigger an unsubscription confirmation. This way, if somebody
| else clicks on this URL with your mail address in it, you will just
| receive a message (containing this person's email IP) requesting
| confirmation.
--- 
https://web.archive.org/web/20101115113815/www.sympa.org/manual/message-handling

Briefly: Simply clicking on the auto_signoff link does not unsubscribe
the user, but **requires confirmation** by the user themselves.


> Step two, guard auto_signoff.
>
> We think auto_signoff is intended to signoff without auth (which does 
> currently not work in our installation, see above). But to have some 
> safety net against malicious attempts to unsubscribe someone else we 
> implemented a personal token.
>
> We added optout_uuid to db_additional_subscriber_fields parameter in 
> sympa.conf and introduced a Sympa::Template::Plugin::CheckUUID plugin 
> which is called from a modified confirm_action.tt2 (to be honest we had 
> significant help doing so).
>
> Then message_footer with
>
> [% wwsympa_url %][% 'auto_signoff' | url_abs([listname], {email => 
> user.email, uuid => user.optout_uuid}) %]
>
> creates the new unsubscribe links. Which works fine.
>
> But having the same unsubscribe link in welcome.tt2 the uuid paramter is 
> empty. So problem 2 is user.optout_uuid seems not to work in welcome.tt2 
> (maybe other templates too) however it works in message_footer.

I don't know how your Sympa::Template::Plugin::CheckUUID plugin works.

Can you give us the link to the documentation or source code for that
plugin?

Regards,
-- Soji


> Roundup
>
> 1. According to doumentation does auto_signoff unsubcribes a user from a 
> list without authentication. In our installation we don't see a 
> difference to signoff, auth is needed in both cases.
>
> Do wee need special list configuration to achieve the auto_signoff 
> without authentication?
>
> 2. We want to place the unsubscribe link in the welcome.tt2 and in the 
> message_footer.
>
> In both cases we use the URL:
>
> [% wwsympa_url %][% 'auto_signoff' | url_abs([list.name], {email => 
> user.email, uuid => user.optout_uuid}) %]
>
> In the processed welcome.tt2 the UUID is not set, in messge_footer the 
> UUID is set.
>
> How to access optout_uuid, a db_additional_subscriber_fields field, from 
> all the templates (tt2 files) and message parts (header/footer or body 
> using personalization_feature)
>
> Thank you in advance
>
>
> ​Immo Goltz