On 15/05/15 05:32, Bill Christensen wrote:
I have a long running list with thousands of subscribers that needs to
move to a new set of email addresses.

The existing list is announce-only, so doesn't get a whole lot of
traffic - typically at most a few outgoing emails a year.  But some time
back a bot started sending spam registrations via hits to the web server
in the form

      <domain name>/mailman/subscribe.cgi/bwbnewsletter?email=<bogus_registrant>@<somedomain.tld>&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe

I long ago routed real users to an alternative signup, but the spam
keeps coming, unrelenting, and is now anywhere between 1k and 10k per day.

One of our lists was spammed in a similar way. The approach I took was to configure Apache to allow requests to /mailman/subscribe only when the referring page was on our server:

# Set the localreferer variable only when the Referer header names our list host
SetEnvIf Referer lists\.my\.domain localreferer

<Location /mailman/subscribe>
    # Apache 2.2 access-control syntax (on 2.4: "Require env localreferer")
    Order deny,allow
    Deny from all
    Allow from env=localreferer
</Location>

--
David Osborne
University of Nottingham, UK
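As an added example (not from David's message or from Mailman itself), this Python script applies the same Referer test to constructed Apache combined-format log lines, to count how many subscribe hits the rule would deny and from which source addresses; LOCAL_HOST and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

LOCAL_HOST = "lists.my.domain"          # list server host (assumed, as in the rule above)
SUBSCRIBE_PREFIX = "/mailman/subscribe"  # path gated by the <Location> block

# Apache combined log format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def referer_is_local(referer: str) -> bool:
    """True only when the Referer names the list server itself (exact host match)."""
    if referer in ("", "-"):      # header absent: SetEnvIf never sets localreferer
        return False
    return urlsplit(referer).hostname == LOCAL_HOST

def classify(line: str):
    """(ip, 'allowed'|'denied') for a subscribe hit, None for any other request."""
    m = LOG_RE.match(line)
    if not m or not m.group("path").startswith(SUBSCRIBE_PREFIX):
        return None
    verdict = "allowed" if referer_is_local(m.group("referer")) else "denied"
    return m.group("ip"), verdict

def summarize(lines):
    """Count subscribe hits the rule would allow/deny, plus denied hits per source IP."""
    verdicts, denied_by_ip = Counter(), Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        ip, verdict = hit
        verdicts[verdict] += 1
        if verdict == "denied":
            denied_by_ip[ip] += 1
    return verdicts, denied_by_ip

# Constructed sample lines (not real traffic); the first two mimic the bot's GET signups.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/May/2015:05:30:01 +0000] "GET /mailman/subscribe/bwbnewsletter?email=bogus@example.net&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/May/2015:05:30:02 +0000] "GET /mailman/subscribe/bwbnewsletter?email=other@example.net&email-button=Subscribe HTTP/1.1" 200 512 "http://lists.my.domain.example.net/" "Mozilla/5.0"',
    '203.0.113.9 - - [15/May/2015:09:12:44 +0000] "GET /mailman/listinfo/bwbnewsletter HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/May/2015:09:13:10 +0000] "POST /mailman/subscribe/bwbnewsletter HTTP/1.1" 200 640 "https://lists.my.domain/mailman/listinfo/bwbnewsletter" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))  # (Counter({'denied': 2, 'allowed': 1}), Counter({'198.51.100.7': 2}))
```

The host comparison here is exact, so a Referer on some other host that merely contains the string lists.my.domain is not treated as local, whereas the unanchored SetEnvIf pattern above would match it. Watch the denied count for visitors whose browsers or privacy extensions strip the Referer header, since the rule locks them out as well.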


------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org