On 08/08/2017 10:22 AM, David Gibbs wrote: > > Anyone else noticing a distributed mass subscribe attack going on their > lists? > > I've noticed a massive number of attempts a small subset of email > addresses, with modifiers (address+modif...@example.com), going on. > > It appears the address is valid ... so it appears to be some kind of hit > job to flood someone's inbox. > > Luckily the address's are trivial to block using 'ban_list'.
I've seen this on mail.python.org in the past but not recently. Both the form you mention and a local-p...@gmail.com form with dots interspersed in the local part (which gmail ignores). I agree that it appears to be some kind of hit job to flood someone's inbox. It is this kind of attack that motivated the GLOBAL_BAN_LIST feature in MM 2.1.21. What I've seen recently is massive non-member posts in chinese to maulman-us...@mailman3.org from addresses of the form string_of_dig...@qq.com and some at 163.com. After waking up to 2000+ held message notifications a while back, I now block these with a Postfix header_checks rule /^From:.*<.*[0-9]{4}.*@(qq|163)\.com>/ REJECT Go away you F*ing mail bomber I am still seeing a few from various @163.com addresses, but I am now (temporarily?) discarding non-member posts, so I only see them in logs if I look. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org