On 08/08/2017 10:22 AM, David Gibbs wrote:
> 
> Anyone else noticing a distributed mass subscribe attack going on their
> lists?
> 
> I've noticed a massive number of attempts a small subset of email
> addresses, with modifiers (address+modif...@example.com), going on.
> 
> It appears the address is valid ... so it appears to be some kind of hit
> job to flood someone's inbox.
> 
> Luckily the addresses are trivial to block using 'ban_list'.


I've seen this on mail.python.org in the past but not recently. Both the
form you mention and a local-p...@gmail.com form with dots interspersed
in the local part (which gmail ignores). I agree that it appears to be
some kind of hit job to flood someone's inbox.

It is this kind of attack that motivated the GLOBAL_BAN_LIST feature in
MM 2.1.21.

What I've seen recently is massive non-member posts in Chinese to
maulman-us...@mailman3.org from addresses of the form
string_of_dig...@qq.com and some at 163.com. After waking up to 2000+
held message notifications a while back, I now block these with a
Postfix header_checks rule:

/^From:.*<.*[0-9]{4}.*@(qq|163)\.com>/ REJECT Go away you F*ing mail bomber

I am still seeing a few from various @163.com addresses, but I am now
(temporarily?) discarding non-member posts, so I only see them in logs
if I look.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
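
The two address forms described in this thread (address+modifier, and dots interspersed in a gmail local part) can be collapsed to one canonical address to spot a flood target among subscribe attempts. The sketch below is an added example, not part of the original messages or of Mailman's code; the function names, the threshold and the sample addresses are assumptions, and the generated patterns are written in the `^` regexp style intended for a ban_list entry.

```python
import re
from collections import defaultdict

# Providers assumed to ignore dots in the local part (the thread names gmail).
DOT_INSENSITIVE = {"gmail.com"}

def canonical(addr):
    """Collapse address+modifier and (for gmail) dotted variants to one key."""
    local, _, domain = addr.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]          # drop the +modifier
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")      # dots do not change the mailbox
    return f"{local}@{domain}"

def ban_pattern(canon):
    """Build a '^' regexp covering every variant of one canonical address."""
    local, _, domain = canon.rpartition("@")
    if domain in DOT_INSENSITIVE:
        # allow any number of dots between the characters of the local part
        body = r"\.*".join(re.escape(c) for c in local)
    else:
        body = re.escape(local)
    return rf"^{body}(\+[^@]*)?@{re.escape(domain)}$"

def find_targets(attempts, threshold=3):
    """Return {canonical: regexp} for addresses seen in >= threshold variants."""
    variants = defaultdict(set)
    for addr in attempts:
        variants[canonical(addr)].add(addr.strip().lower())
    return {c: ban_pattern(c) for c, v in variants.items() if len(v) >= threshold}

# Constructed sample of subscribe attempts (hypothetical, not real data).
SAMPLE = [
    "victim+list1@example.com", "victim+a9f3@example.com", "Victim+zz@example.com",
    "j.doe@gmail.com", "jd.oe@gmail.com", "j.d.o.e@gmail.com", "jdoe+x@gmail.com",
    "alice@example.org", "bob+news@example.org",
]

if __name__ == "__main__":
    for canon, pattern in find_targets(SAMPLE).items():
        print(canon, pattern)
```

Ordinary single subscriptions (including one legitimate +tag address) stay below the threshold and produce no pattern.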
