On Oct 23, 2012, at 9:28 AM, "Kalbfleisch, Gary" <ga...@shoreline.edu> wrote:
> As a result of this activity I have changed all lists so that confirmation is > required for all subscriptions, and only list owners can view the list of > subscribers. The confirmations don't actually solve the email bombing > problem but it will keep bogus subscriptions to a minimum. I have > implemented some iptables filters as noted previously but I have not yet > opened up the web interface externally. I have been monitoring traffic > directed to port 80 on my Mailman server and it has gone down significantly > since I put up the block. I may open it up again next week to see how my > iptables filters work. BTW, all the general speculation and conversation about CAPTCHAs, etc... notwithstanding, you do clearly have a real operational problem today. For your specific issue, I would recommend keeping your proposed solutions as relatively simple as possible, and layer them. Requiring confirmation is a good simple solution to a number of problems, as is restricting the ability to see list membership to only those people who are list owners. In my experience, KISS+layering almost always beats solutions that are complex from Day One. -- Brad Knowles <b...@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu> ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
