Dada Mail v9.5.0 Released

Dada Mail v9.5.0 has been released – download and install using the instructions here. Changelog is below:

Features

StopForumSpam Integration

The StopForumSpam service (http://stopforumspam.com/) keeps a database of email addresses, locations, and usernames known to be used for abuse attempts on web apps like forums, blogs, and mailing lists.

Dada Mail now supports looking up this information when a user goes through the subscription process. If the IP address or email address of the user is returned by the StopForumSpam service as being known to be abusive, the first step of the subscription process fails.

This new feature can help stop your mailing list from being abused, curbs the wasting of server resources, and keeps your mailing list cleaner. StopForumSpam integration should definitely be seen as a security enhancement, as these users being marked as abusive are possibly part of a botnet, trying to find vectors for attack.

This integration of StopForumSpam is currently enabled by default, and requires the LWP Perl CPAN library – if you can send a webpage using Dada Mail, you most likley have this library installed!

Options to enable/disable StopForumSpam integration can be found in the list control panel under Mailing List – Options. Look for the checkbox labeled, Enable StopForumSpam Protection.

If WWW::StopForumSpam needs to be installed, a notification will be shown below this option to alert you.

Viewing the Unconfirmed Subscribers sublist

Dada Mail keeps track of subscribers that have started the subscription process, but haven’t yet confirmed their subscription by clicking the confirmation link that’s sent to them via email. Internally, this sublist type is called, sub_confirm_list (catchy name, huh?). It’s used primarily to make sure the same address isn’t repeatedly submitted to be subscribed again and again by some automated process. Curbing abuse is a big part of web apps like Dada Mail!

We’ve now added the ability to view and interact with this sublist. In the, Membership – View screen, you will see a new tab labeled, Unconfirmed Subscribers. You may view, search, delete, and export addresses from this sublist. You may also resend the subscription confirmation email message: look for the button to the left of the email address. Pressing the button will resend the confirmation email message.

This sublist is tightly coupled with the subscription confirmation process itself. Dada Mail’s subscription confirmation system works with a unqiue token embedded in the confirmation email that corresponds with records in its database. These records do expire after a while (60 days by default). When these tokens expire, addresses in this sublist will also automatically be removed, keeping your mailing list tidy, and your database trimmed and fast, without any additional work by you.

Viewing this tab can be enabled/disabled in the list control panel under, Membership – Options. Look for the checkbox labeled, Show “Unconfirmed Subscribers” sublist.

New Subscriber Export Options

In previous versions, Dada Mail could export your Subscribers (as well as other sublists), but the data it exports is not customizable. It would include the added/subscribed date (timestamp), the email address itself, profile fields, as well as the delivery preferences (if that option is enabled). Some users have problems then utilizing this information as-is, since some of the information is not needed. Although this exported informaton is in CSV format, which you can open the exported file into a spreadsheet app, and do more manipulation, but many users were having trouble with this cumbersome extra step.

Now, Dada Mail also allows you to specify what data you would like exported:

  • Email Address (always exported)
  • Date Added
  • Profile Fields
  • Delivery Preferences (if enabled)

Among other things, this allows Dada Mail’s exported data to be easily read and imported back into Dada Mail itself – something it couldn’t do (embarrassingly) before!

Using this new functionality is simple: instead of exporting the data right away, after you click the Export button, a modal menu will open up, allowing you to choose what data you would like the exported data to hold.

Email Parsing Engine Advanced Tuning Options

Dada Mail now allows you to easily tune the underlying email parsing engine (called, MIME::Tools), so that you can either have a faster parser that’s more memory intensive (the default), or a somewhat slower parser that uses less memory.

We’ll be experimenting with the latter, as it should help with working with large, complex email messages with large attachments, as well as running Dada Mail as a long-running process.

More information on how to change these options are available at,

http://dadamailproject.com/d/install_dada_mail-advanced_configuration.pod.html#Configure-Email-Parsing-Engine


v9.4.0 Beta 1 is out – Rate Limiting!

Hello everyone, v9.4.0 Beta 1 is out.

Download and Install:

http://dadamailproject.com/support/documentation-9_4_0-beta1/install_dada_mail.pod.html

(Pro Dada versions are available)

This version has the new Rate Limiting feature built in. Seems to work really well! Now that it’s a part of the app, seems a little naked to run without it. Rate Limiting is currently enabled by default, and also has settings that can be customized in the installer. I’d love to get some more real-world feedback in seeing if the feature is working at all/as intended. I’m running it myself and seems to work well. It’s one of those, “Behind the scenes” features though, so nothing out of the ordinary seems to be different, unless something is terribly wrong!

Here’s what you need to know:

http://dadamailproject.com/support/documentation-9_4_0-beta1/install_dada_mail-advanced_configuration.pod.html#Rate-Limiting

Rate Limiting

When enabled, rate limiting keeps track of the requests of certain features in Dada Mail – features like trying to log into the list control panel, or subscribing to a mailing list. Dada Mail keeps track of these requests by IP Address and can be configured to have a maximum amount of requests per timeframe. If more than the maximum amount of requests are made within the timeframe, the rate limit is said to be exceeded, and further requests will be denied.

This feature is especially important in any feature that involves filling out a form, then having that feature send out an email, like a subscription confirmation. Potentially nefarious bots may be filling out your subscription form quite blindly, with various bogus email addresses, causing all this unneeded email to be sent, then bounced back. If you’re using a third party email sending service, like Amazon SES, this out of control behavior could potentially lead to problems with you not following their Terms of Service.

Although rate limiting in Dada Mail was first implemented for the above scenario, it’s used in many other places:

• Running the Cronjob Schedule

• Subscription by the classic subscription form

• Subscription via the RESTful API

• Subscription and Unsubscription Confirmation via the token URL (or any URL with a token in it)

• Logging in and out

• Encrypting a password

• Requesting to download a file attachment

• Profile activation/registering/resetting password/login and out

• Accessing the list control panel login screen

Enable Rate Limiting

Check this option to enable Rate Limiting. Enabled by default

Timeframe (in minutes):

Timeframe is the amount of time a number of requests for a certain feature/function can be made

Max Hits

Max Hits are the amount of requests for a certain feature/function that may be done in the Timeframe set above.

If more requests than the Max Hits happens within the Timeframe, the feature/function will be inaccessible, until the number of requests is below the Max Hits threshold. Any other feature mentioned will still be available to the user, and any other users of the app will not be affected (unless of course they’re being tied to that same IP Address)

Config Variable:

$RATE_LIMITING .

That’s it! Give it a try,