Public bug reported:
This can be prevented by refusing to pend a subscription when one is
already pending, but that means if a subscriber loses or doesn't receive
the confirmation request email, she has to wait PENDING_REQUEST_LIFE
(default 3 days) before she can request another.
It can also be avoided by setting the list's subscribe_policy to
Moderate, but that may not be desirable in many cases.
Because of these considerations, I will implement the refusal to pend a
subscription when one is already pending, but make that depend on a new
REFUSE_SECOND_PENDING mm_cfg.py setting.
** Affects: mailman
Importance: Medium
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1859104
Title:
It is possible to mailbomb a third party by repeatedly posting the
subscribe form.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions
_______________________________________________
Mailman-coders mailing list
[email protected]
https://mail.python.org/mailman/listinfo/mailman-coders
