Unsubscribe problems

I

iksqi

New Member
Hi,

I'm having some troubles with the [Unsubscribe] feature. I created a local list on my mac (80,000 emails). The emails contained the [Unsubscribe] tag. When I tested these emails, the [Unsubscribe] feature worked fine, which means clicking on it from the email message would bring up the unsubscribe page from my website with something like this (I changed the encoded string as to not reveal the user's email):
http://www.logsat.com/MLM30/lm/lm.php?u ... &local=yes

The website processed the subscribe requests successfully:
================================
Your subscription has been cancelled
You have asked to cancel your subscription from all lists.

The email address [email protected] has been successfully deleted.
===============================

In addition, when closing/re-opening MaxBulk Mailer on my Mac the test address showed up as unsubscribed. All was good, so I sent the emails out to all 80,000 users.

Today I saw 190 unsubscription requests being made by using the "Statistics" option in MaxBulk Mailer. In addition, one single user asked me to remove her from the list, so I simply clicked on her behalf the "Unsubscribe" link from her email (using the preview tab in MaxBulk). I too received a successful confirmation from my website that her email address was unsubscribed.

However, when I select "Unsubscriptions from MLM" from the recipients tab, or when I close/open MaxBulk Mailer, only about 20 or so emails were unsubscribed, not the 190 that did indeed unsubscribe. And the email I myself unsubscribed (and received confirmation of doing so) is still subscribed.

And while I was typing this post, I tried closing/-reopening MaxBulk mailer and reselecting my local list. It updated from the server saying that there was another unsubscription request and processed it. However that was only one more, I have about 170 that did not get processed, including the one I myself did (so I'm sure there were no errors while unsubscribing).

I did select "Check for unsubscribe requests when selecting a local list" in the General preferences.

...how do we fix this? I'm not using MySQL, just local lists on my Mac and text files on the server. FYI installing MySQL on the webserver is not an option.

Thanks,

Roberto
 
stanbusk

stanbusk

Administrator
Staff member
When unsubscribing somebody manually don't do it from the preview panel. MLM uses a test list instead of the real list.

About the other problem, did you select the list before sending the message? When selecting a list are you sure you did not ignore the unsubscribe window? I did several times myself thinking it was another thing. Also, sis you activate all MLM option s in MaxBulk Mailer before sending the message?
 
I

iksqi

New Member
I didn't know about the test list form the preview pane - thanks for letting me know. I then tried unsubscribing using the link in the actually received to one of the several email addresses I myself us (and to which I also sent the mailings). I see the same results - the website confirms the unsubscription as per below:
mlmerror.png


however when opening my recipients list this request is not seen by MaxBulk. The process does work very rarely however. For example, in the past 48 hours I received 63 email confirmations that a user requested to unsubscribed via the link in the mailing. First of all, for some reason 60 of those 63 requests contained this text in my email confirmation (unsubscribed from "."):

[email protected] has unsubscribed from .

Only 3 of those emails contained the actual list name:

[email protected] has unsubscribed from Family Tracker Announcements.

And this is what happened when I used MaxBulk mailer today:

  • Start MaxBulk Mailer
    Open the file with my .mbm mailing
    Go to "Recipients" tab
    Select the appropriate list with 80,000+ entries from drop down
    MailMax Loads list, and pops us notification "1 recipients have asked to unsubscribe from this list", with options to "Show" and "Unsubscribe".
    Clicking on"Show" actually displays 2 email addresses that asked to unsubscribe.

So MaxBulk mailer saw *two* unsubscription requests out of 63... What happened to the other 61?

To answer your questions, for "did you select the list before sending the message" yes, I did select the list before sending the message. I was mailing 80,000 users, and I was being very very very cautious in how I was proceeding.
For the "When selecting a list are you sure you did not ignore the unsubscribe window" and "you activate all MLM option s in MaxBulk ", I'm not sure I follow you there - what do you mean? Here are my settings:
mlmsettings.png


and I did add the [Unsubscribe] entry in the mailing (since I obviously see and used the link to unsubscribe myself).

Thanks,
 
I

iksqi

New Member
Nope.. As I already wrote in my original post:

=====
I'm not using MySQL, just local lists on my Mac and text files on the server. FYI installing MySQL on the webserver is not an option
======
 
stanbusk

stanbusk

Administrator
Staff member
It is a pitty you can't use such a great think as mySQL that comes from free with almost all web package and takes no time to set up. We indeed give a text alternative for storing but this alternative can give problems on given servers. Indeed data is supposed to be stored in data system like mySQL and web servers are supposed to serve files only. Have you talk to your server support about this problem? Perhaps there is a problem on your server when wringing files.
 
I

iksqi

New Member
I am the server support :) Unfortunately MySQL is not an option at this time on the server.

Could you then please provide more specifics on what text files/directories MLM is trying to write to when someone unsubscribes, and the ones that MaxBulk is
retrieving via the web, so I can try to understand why this works for only a handful of entries, but fails for the majority of the others?

Thanks!
 
stanbusk

stanbusk

Administrator
Staff member
Look at the files in the '/Lists' folder. The '.txt' files are the lists, the '.in' files are log files containing the subscriptions, the '.out' files are the log files containing the unsubscribes and the '.lock' files are to prevent the file to be opened by more than one process at the same time.
 
I

iksqi

New Member
No luck. That folder does not contain anything regarding the announcements I've sent nor the unsubscribe requests. What I do see is the folder /localreq that contains a few .out and .txt files, including a "All.out" and "All.txt" files which contain the list of users who have unsubscribed. The vast majority of those email addresses present in those two files still show as "subscribed" in MaxBulk.

I also do see that those two files contain a lot of trash entries, for example:


Chance Stobaugh [email protected] 0 0
r©#wkâoóv òª
ovrworn
®Ëom–iîrîew&àË
in ¾áËker&ávgénân  k «ð‰ùôoxår׸¢©#rØ0¢Û°sîs{âsiòkåsoso 0 0
Jessica [email protected] 0 0


I removed the "gremlins" (ASCII control characters) and re-saved the files, but maxBulk still does not see the unsubscriptions...

So, the good news is that the text files do contain the unsubscribe requests. The bad is that MaxBulk does not. How do I make MaxBulk re-scan the files to read them? (I tried already from the "Recipients" tab, and then selected "Unsubscriptions from MLM", but this didn't find any new requests)
 
stanbusk

stanbusk

Administrator
Staff member
Weird, all MLM files are plain text files, all readable files. We use no binaries. I don't know what that junk is. Note that the 'localreq' folder contains the unsubscribe requests from recipient on local list.
 
I

iksqi

New Member
Uhm... you have some issues with the code. I was able to setup a temporary mySQL install to test this out. Remember a few posts up when I mentioned the binary characters and you said it wasn't possible...? Well, I received this email warning today:
mlmbinarystuff.png


This is pretty serious as, in addition to the bug about the binary characters coming from somewhere in MaxBulk/MLM, such an error tells me there is insufficient/no validation against SQL injection attacks, if MLM is trying to do an insert with that data. Without validation, it could take me/hacker just minutes to get root access to the mySQL Server. Needless to say I will have to shutdown mySQL and reconfigure MLM to use text files, as we can't risk compromising the database server.

I hope you will look into this soon, as the MLM web interface is very dangerous when used with a database backend without validation for SQL injection.
 
stanbusk

stanbusk

Administrator
Staff member
When you use the MLM web interface you have to log in. The log in system doesn't use mySQL so you can't do a SQL injection here. All what the PHP script does here is to compare what you enter with what you have in the lm_settings.php file. It is a text compare. Now, if you use a MLM command URL you can indeed send junk however, have you tried to do an injection that way? I don't think it would work.
 
I

iksqi

New Member
This has nothing to do with the login. If you look at the screenshot you should recognize your click-thru table tbl_mlm_sub_clk that tracks the click-thrus for the links in the emails. Clicking that link is what caused that binary garbage to be inserted into the SQL statement, not the login...
I removed the mySQL support right after that post and reverted to text files, so I can't test. Glancing at the PHP code I see you are using mysql_real_escape_string to filter invalid characters. That is often fine, but not always, and I honestly do not want to incur the risk of using vulnerable code. Using mySQL has no advantages in my situation (on the contrary, it introduces unwanted risks), as the corruption I saw in text files is still present with mySQL as my screenshot shows, indicating deeper issues in the php code.
 
You must log in or register to reply here.
Top