On 7/29/21 3:05 PM, Karl Berry wrote:
Thanks Mark! I've been using the mailman from my distro, which is (sigh)
older. I'll look into going back to installing mailman from scratch, as
I've done before.
We have information about upgrading a Debian/Ubuntu package from source
at
Thanks to everyone for the great replies.
davidg> I have it set up, but it's not very sophisticated ...
failregex = .*\/\s+-\s+-\s+\[.*\]\s+"POST\s+\/mailman\/subscribe
It's just looking for repeated subscribe attempts.
Thanks David! What are you using for maxretry, findtime,
On 7/29/21 11:29 AM, Mark Sapiro wrote:
On 7/28/21 2:24 PM, Karl Berry wrote:
2) At least in my cases, the floods try to subscribe the same address
over and over (and over and ...). It occurs to me that mailman could
silently discard a request to subscribe an address f...@bar.com if
On 7/28/21 2:24 PM, Karl Berry wrote:
I've mitigated the current attack, but it's happened before and will
happen again. I'm already using SUBSCRIBE_FORM_SECRET. I also saw Mark's
patch in the thread above to disable subscriptions for a particular
list, which is helpful.
Beginning with
Karl Berry writes:
I'm surprised Mark hasn't chimed in, maybe he's out on a boat catching
salmon. Don't know when he'll be back, so here's what little I can
say.
> 1) The above mailman-users thread refers to using fail2ban.
The set in
On 7/28/21 4:24 PM, Karl Berry wrote:
1) The above mailman-users thread refers to using fail2ban. This sounds
sensible. Does anyone have a working fail2ban filter they can share
for this?
I have it set up, but it's not very sophisticated ...
failregex =
On 07/28/21 15:24, Karl Berry wrote:
> 2) At least in my cases, the floods try to subscribe the same address
> over and over (and over and ...). It occurs to me that mailman could
> silently discard a request to subscribe an address f...@bar.com if
> f...@bar.com already has a pending subscription