WWSympa is Sympa's web interface.

WWSympa is fully integrated with Sympa. It uses sympa.conf and Sympa's libraries. The default Sympa installation will also install WWSympa.

Every single piece of HTML in WWSympa is generated by the CGI code using template files (See Template file format). This makes internationalization of pages, as well as per-site customization, easier.

The code consists of one single PERL CGI script, wwsympa.fcgi. To enhance performances you can configure WWSympa to use FastCGI; the CGI will be persistent in memory.
All data will be accessed through the CGI, including web archives. This is required to allow the authentication scheme to be applied systematically.

Authentication is based on passwords stored in the database table user_table; if the appropriate Crypt::CipherSaber is installed, passwords are encrypted in the database using reversible encryption based on RC4. Otherwise, they are stored in clear text. In both cases, reminding of passwords is possible.

To keep track of authentication information, WWSympa uses HTTP cookies stored on the client side. The HTTP cookie only indicates that a specified email address has been authenticated; permissions are evaluated when an action is requested.

The same web interface is used by the listmaster, list owners, subscribers and others. Depending on permissions, the same URL may generate a different view.

WWSympa's main loop algorithm is roughly the following:

1. check authentication information returned by the HTTP cookie;
2. evaluate user's permissions for the requested action;
3. process the requested action;
4. set up variables resulting from the action;
5. parse the HTML template files.

Because Sympa and WWSympa share a lot of files, wwsympa.fcgi must run with the same uid/gid as archived.pl, bounced.pl and sympa.pl. There are different ways to achieve this.

This is the default method but might be insecure. If you don't set the –enable_secure configuration option, wwsympa.fcgi is installed with the SetUID bit set. On most systems, you will need to install the suidperl package.

The C wrapper presented in the preceding section will be automatically built starting version 5.4.

The wwsympa.fcgi is wrapped in a small C script, wwsympa-wrapper.fcgi, in order to avoid to use the – unsecure and no longer maintained – SetuidPerl mode.

Use sudo to run wwsympa.fcgi as user sympa. Your Apache configuration should use wwsympa_sudo_wrapper.pl instead of wwsympa.fcgi. You should edit your /etc/sudoers file (with visudo command) as follows:

apache ALL = (sympa)  NOPASSWD: /home/sympa/bin/wwsympa.fcgi

You should also check that the requiretty and env_reset flags are not set in the sudoers configuration file :

#Defaults    requiretty
#Defaults    env_reset

With requiretty set, sudo would only run when the user is logged in to a real tty; with env_reset set, most of your environment variables would be ignored... including your server name, the URL requested, etc.

Run a dedicated Apache server with sympa.sympa as uid.gid (the Apache default is apache.apache);

Use an Apache virtual host with sympa.sympa as uid.gid; Apache needs to be compiled with suexec. Be aware that the Apache suexec usually define a lowest UID/GID allowed to be a target user for suEXEC. For most systems, including binaries distribution of Apache, the default value 100 is common. So Sympa UID (and Sympa GID) must be higher than 100 or suexec must be tuned in order to allow lower UID/GID. Check http://httpd.apache.org/docs/suexec.html#install for details. The User and Group directive have to be set before the FastCgiServer directive is encountered;

You first need to set an alias to the directory where Sympa stores static contents (CSS, member pictures, documentation) directly delivered by Apache.

Example:

Alias /static-sympa /home/sympa/static_content

If you chose to run wwsympa.fcgi as a simple CGI, you simply need to script alias it.

Example:

ScriptAlias /sympa /home/sympa/bin/wwsympa.fcgi

Running FastCGI will provide much faster responses from your server and reduce load (to understand why, read http://www.fastcgi.com/devkit/doc/fcgi-perf.htm).

If you are using mod_fcgid Apache module :

  LoadModule fcgid_module modules/mod_fcgid.so

  <IfModule mod_fcgid.c>
    IPCCommTimeout 120
    MaxProcessCount 2
  </IfModule>

  <Location /sympa>
    SetHandler fcgid-script
  </Location>
  
  ScriptAlias /sympa /home/sympa/bin/wwsympa.fcgi

If you are using mod_fastcgi Apache module :

  LoadModule fastcgi_module modules/mod_fastcgi.so
  FastCgiServer /home/sympa/bin/wwsympa.fcgi -processes 2
  <Location /sympa>
  SetHandler fastcgi-script
  </Location>
  
  ScriptAlias /sympa /home/sympa/bin/wwsympa.fcgi

If you run virtual hosts, then each FastCgiServer(s) can serve as multiple hosts. Therefore you need to define it in the common section of your Apache configuration file.

This configuration was submitted by E. Kovarski.

To save any future nginx users any headaches, here is a sample nginx.conf stanza which works with Sympa v5.3.3:

server {
        listen       80;
        server_name  my.domain.org;

        location / {
            fastcgi_pass   unix:/var/run/sympa/wwsympa.socket;
            fastcgi_param  QUERY_STRING       $query_string;
            fastcgi_param  REQUEST_METHOD     $request_method;
            fastcgi_param  CONTENT_TYPE       $content_type;
            fastcgi_param  CONTENT_LENGTH     $content_length;
            fastcgi_param  PATH_INFO          $fastcgi_script_name;
            fastcgi_param  REQUEST_URI        $request_uri;
            fastcgi_param  REMOTE_ADDR        $remote_addr;
            fastcgi_param  SERVER_NAME        $server_name;
        }

        location /static-sympa {
                alias /usr/local/sympa/static_content;
        }
}

Note that the request_uri fastcgi parameter is necessary for virtual hosting.

I got bit by the documentation which said server_name is compared against http_host but after some debugging I noticed that $robot was not set in wwsympa properly unless it can match http_host against request_uri.

This configuration was submitted by M. Deranek.

Here is a configuration snippet to make run Sympa with lighttpd (http://www.lighttpd.net) webserver.

Config might require some path tweaking as it customized to Gentoo..

server.modules += ("mod_fastcgi")

alias.url += ( "/static-sympa/icons/" => "/usr/share/sympa/icons/" )
alias.url += ( "/static-sympa/" => "/var/spool/sympa/static_content/" )

$HTTP["url"] =~ "^/sympa" {
fastcgi.server = ( "/sympa" =>
			((	"check-local"	=>	"disable",
				"bin-path"	=>	"/usr/libexec/sympa/wwsympa-wrapper.fcgi",
				"socket"	=>	"/var/run/lighttpd/sympa.sock",
				"max-procs"	=> 	2,
				"idle-timeout"	=> 	20,
			))
		)
}

FastCGI is an extension to CGI, that provides persistency for CGI programs. It is extremely useful with WWSympa, since source code interpretation and all initialisation tasks are performed only once when wwsympa.fcgi processes start. These processes then work as a servlet/daemon, endlessly waiting for client requests.

WWSympa can also work without FastCGI, (check the use_fast_cgi - 1 configuration parameter), but with poor performances.

To run WWSympa with FastCGI, you need to install:

• The FCGI Perl module (see installing_perl_and_cpan_modules)
• An Apache module that provides FastCGI features. You can choose between 2 such implementations :
  • mod_fastcgi, the historical one. Note that it was not extended to work with Apache 2. You can however apply the patch provided here.
  • mod_fcgid, an alternate implementation. The main difference between this module and mod_fastcgi is that fastcgi scripts are not launched at Apache startup, but when the first client request happens.

(Default value: /home/httpd/html/arc)
Where to store HTML archives. This parameter is used by the archived.pl daemon. It is a good idea to install the archive outside the web hierarchy to prevent possible backdoors in the access control powered by WWSympa. However, if Apache is configured with a chroot, you may have to install the archive in the Apache directory tree.

(Default value: thrd)
The default index organization when entering the web archive: either threaded or in chronological order.

(Default value: archived.pid)
The file containing the PID of archived.pl.

(Default value: /var/bounce)
Root directory for storing bounces (non-delivery reports). This parameter is mainly used by the bounced.pl daemon.

(Default value: bounced.pid)
The file containing the PID of bounced.pl.

(Default value: 0)
Lifetime (in minutes) of HTTP cookies. This is the default value when not set explicitly by users.

(Default value: localhost)
Domain for the HTTP cookies. If beginning with a dot (.), the cookie is available within the specified internet domain. Otherwise, for the specified host. Example:

  cookie_domain cru.fr
  cookie is available for host 'cru.fr'

  cookie_domain .cru.fr
  cookie is available for any host within 'cru.fr' domain

The only reason for replacing the default value would be where WWSympa's authentication process is shared with an application running on another host.

(Default value: home)
Organization of the WWSympa home page. If you have only a few lists, the default value home (presenting a list of lists organized by topic) should be replaced by lists (a simple alphabetical list of lists).

(Default value: /icons)
URL of WWSympa's icon directory.

WWSympa will log using this facility. Defaults to Sympa's syslog facility. Configure your syslog according to this parameter.

(Default value: /usr/bin/mhonarc)
Path to the (superb) MhOnArc program. Required for the HTML archive.

(Default value: undefined)
Relative URL to the (superb) online HTML editor HTMLarea. If you have installed Javascript application you can use it when editing HTML documents in the shared document repository. In order to activate this plugin, the value of this parameter should point to the root directory where HTMLarea is installed. HTMLarea is a free opensource software you can download here: http://sf.net/projects/itools-htmlarea

(Default value: insensitive)
If set to insensitive, WWSympa's password check will be insensitive. This only concerns passwords stored in the Sympa database, not the ones in LDAP.

Be careful: in previous 3.xx versions of Sympa, passwords were lowercased before database insertion. Therefore changing to case-sensitive password checking could bring you some password checking problems.

(Default value: Mailing List Service)
The name of your mailing list service. It will appear in the Title section of WWSympa.

(Default value: 1)
Choice of whether or not to use FastCGI. On http://listes.cru.fr, using FastCGI increases WWSympa's performance by as much as a factor of 10. Refer to http://www.fastcgi.com and the Apache config section of this document for details about FastCGI.

WWSympa needs an RDBMS (Relational Database Management System) in order to run. All database access is performed via the Sympa API. Sympa currently interfaces with MySQL, SQLite, PostgreSQL, Oracle and Sybase.

A database is needed to store user passwords and preferences. The database structure is documented in the Sympa documentation; scripts for creating it are also provided with the Sympa distribution (in script).

User information (password and preferences) are stored in the User table. User passwords stored in the database are encrypted using reversible RC4 encryption controlled with the cookie parameter, since WWSympa might need to remind users of their passwords. The security of WWSympa rests on the security of your database.

Once Sympa is running, you should log in on the web interface as a privileged user (listmaster) to explore the admin interface, create mailing lists, etc.

Multiple email addresses can be declared as listmasters via the sympa.conf (or robot.conf) listmaster configuration parameter (see sympa.conf parameters). Note that listmasters on the main robot (declared in sympa.conf) also have listmaster privileges on virtual hosts, but they will not receive the various mail notifications (list creations, warnings,...) regarding these virtual hosts.

The listmasters should log in with their canonical email address as an identifier (not listmaster@my.host). The associated password is not declared in sympa.conf; it will be allocated by Sympa when first hitting the Send me a password button on the web interface. As for any user, the password can then be modified via the Preferences menu.

Note that you must start the sympa.pl process with the web interface; it is responsible for delivering mail messages including password reminders.

This section contains screenshots of the functionalities accessible through the Sympa web administration interface.

As listmaster, you can assume another user's identity. Once done, the web interface will behave as if you were this person. This is useful for assistance.

By modifying this option, you change the log level of Sympa without restarting it. This allows you to temporarily increase the amount of logs produced.

This button makes Sympa display a page with all the current session opened.