On 19 January 2017 at 21:22, Mark Sapiro <m...@msapiro.net> wrote: > On 01/19/2017 08:32 AM, Odhiambo Washington wrote: > > On 19 January 2017 at 18:55, Brian Carpenter <br...@emwd.com> wrote: > > > > Odhiambo Washington wrote: > >>> > >>> Now this got me thinking: Once one has submitted a subscription request > >> and > >>> Mailman has dispatched the 'confirm' email, shouldn't mailman decline > any > >>> further subscription requests from the same address if they decide to > >>> submit such, and as such shouldn't send any other confirm/verification > >>> requests as long as there is one still pending?? > > > Perhaps there should be a limit, but not an outright refusal because the > original confirmation email could have been lost. > > In any case, I'm not interested in implementing this. > > > > >> Subscription spam which is what I think you are experiencing has been > dealt > >> with to a certain degree by recent versions of mailman. The following > two > >> functions I believe would be of assistance are: > >> > >> SUBSCRIBE_FORM_SECRET > >> GLOBAL_BAN_LIST > >> > ... > > So is it enough to add > > > > SUBSCRIBE_FORM_SECRET = 'L1feSuX' > > > > to mm_cfg.py and restarting Mailman without doing any other thing?? > > > That is sufficient to enable that feature and it will help block robotic > web subscribes, but there are bots now that are smart enough to mimic > human behavior in first getting the listinfo page and then waiting > before posting the subscribe form. > > Thanks for the clarification. Now I'll just wait and see if the smart bots are involved.
> > > The GLOBAL_BAN_LIST is self-explanatory when I read it. > > > There are various, widespread attacks of this nature, but none that I've > seen with the addresses you're seeing. There are several threads on this > in the archives of this list. > > Look at some of the hits from searching at > <http://www.mail-archive.com/mailman-users%40python.org/> for > global_ban_list. > Seen that. Usable, but not everything, given that some addresses on my list are well-known free mail providers. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
