Hi all,

We have discovered "mail bomber" programs like "boom mail" abusing the web
"subscribe" feature of Mailman 2.1.15 to send hundreds of subscription
confirmation messages to addresses that then complain to us and report us
as spammers. Is there a canonical way to deal with this? The ones we see
look like this in our web logs:

104.154.46.32 nmap.org - [29/Jun/2015:15:03:03 +0000] "GET
/mailman/subscribe/[email protected]&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
HTTP/1.1" 504 323 "http://ugbox.club/boommail_bachdev/"; "Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

We ended up using this config in Apache:

  <Location /mailman/subscribe>
    # Stop spammers from sending tons of GET requests to mail-bomb victims
    # with subscription confirmations (Mailman's own listinfo form POSTs)
    <LimitExcept POST>
    Deny from All
    </LimitExcept>
    # Those spammers never set referer correctly, either: forbid any request
    # whose Referer is not a URL on this very host
    RewriteEngine On
    RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/.*
    RewriteRule .* - [F]
  </Location>

We'd love to hear if there's a better way to do this.

Dan
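As an added example (not part of Dan's post or of Mailman itself), here is a Python script that applies the same rule his Apache config enforces to an access log after the fact: any hit on /mailman/subscribe that is not a POST carrying a Referer on one of our own hosts is counted per source IP and per targeted address, so the flooded victims can be identified before the complaints arrive. The log lines, IP addresses and hostnames are constructed, and the set of "own hosts" is an assumed parameter.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
SUBSCRIBE_PREFIX = "/mailman/subscribe/"
# Constructed sample log (documentation IPs, made-up hostnames), not a real capture.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jun/2015:15:03:03 +0000] "GET /mailman/subscribe/mylist?email=victim%40example.org'
    '&fullname=&pw=123456789&pw-conf=123456789 HTTP/1.1" 200 323 "http://bomber.invalid/boommail/" "Mozilla/5.0"',
    '203.0.113.7 - - [29/Jun/2015:15:03:04 +0000] "GET /mailman/subscribe/mylist?email=other%40example.net'
    '&fullname=&pw=1&pw-conf=1 HTTP/1.1" 200 323 "http://bomber.invalid/boommail/" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jun/2015:15:04:50 +0000] "GET /mailman/listinfo/mylist HTTP/1.1"'
    ' 200 5000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jun/2015:15:05:00 +0000] "POST /mailman/subscribe/mylist HTTP/1.1"'
    ' 200 2100 "http://lists.example.org/mailman/listinfo/mylist" "Mozilla/5.0"',
]

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_abusive_subscribe(rec, own_hosts):
    """Legit subscribes are POSTs from our own listinfo form; anything else is a bomber."""
    if not rec["path"].startswith(SUBSCRIBE_PREFIX):
        return False
    if rec["method"] != "POST":
        return True
    return urlsplit(rec["referer"]).hostname not in own_hosts

def summarize(lines, own_hosts):
    """Count abusive subscribe hits per source IP and per targeted e-mail address."""
    by_ip, victims = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_abusive_subscribe(rec, own_hosts):
            continue
        by_ip[rec["ip"]] += 1
        # The bombers pass the target address in the query string ("email=")
        for addr in parse_qs(urlsplit(rec["path"]).query).get("email", []):
            victims[addr.lower()] += 1
    return by_ip, victims
```

Run `summarize(open("access.log"), {"lists.example.org"})` against a real log to get the attacking IPs and the addresses they targeted.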
------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/