Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

Mon, 04 Jun 2018 17:49:40 -0700 

On 06/04/2018 03:27 PM, Jim Popovitch via Mailman-Users wrote:
> 
> BTW, most of those IPs are listed in the XBL (https://www.spamhaus.org/
> xbl/).  I think I'll work on a patch to block signups from IPs in the
> XBL and domains in the DBL (https://www.spamhaus.org/dbl/)


I just checked against spamhaus ZEN and of the 196 IPs associated with
the banned subscribes I reported earlier in this thread, 168 are listed.

I have applied the attached patch to a couple of installations. We'll
see if it helps.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

=== modified file 'Mailman/MailList.py'
--- Mailman/MailList.py	2018-04-11 09:36:40 +0000
+++ Mailman/MailList.py	2018-06-05 00:14:20 +0000
@@ -908,6 +908,13 @@
             syslog('vette', '%s banned subscription: %s%s (matched: %s)',
                    realname, email, whence, pattern)
             raise Errors.MembershipIsBanned, pattern
+        # See if this is from a spamhaus listed IP.
+        if remote:
+            if Utils.banned_ip(remote):
+                whence = ' from %s' % remote
+                syslog('vette', '%s banned subscription: %s%s (Spamhaus IP)',
+                       realname, email, whence)
+                raise Errors.MembershipIsBanned, pattern
         # Sanity check the digest flag
         if digest and not self.digestable:
             raise Errors.MMCantDigestError

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2018-04-11 09:36:40 +0000
+++ Mailman/Utils.py	2018-06-05 00:19:56 +0000
@@ -1495,3 +1495,24 @@
     else:
         return s
 
+def banned_ip(ip):
+    if not dns_resolver:
+        return False
+    parts = ip.split('.')
+    if len(parts) != 4:
+        return False
+    lookup = '{}.{}.{}.{}.zen.spamhaus.org'.format(parts[3],
+                                                   parts[2],
+                                                   parts[1],
+                                                   parts[0])
+    resolver = dns.resolver.Resolver()
+    try:
+        ans = resolver.query(lookup, dns.rdatatype.A)
+    except DNSException:
+        return False
+    if not ans:
+        return False
+    text = ans.rrset.to_text()
+    if re.search(r'127\.0\.0\.\d{1,2}$', text, re.MULTILINE):
+        return True
+    return False

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to