Thanks to everyone for the great replies.
davidg> I have it setup, but it's not very sophisticated ...
failregex = .*\/<HOST>\s+-\s+-\s+\[.*\]\s+"POST\s+\/mailman\/subscribe
It's just looking for repeated subscribe attempts.
Thanks David! What are you using for maxretry, findtime, bantime, etc.,
in jail.local (or whatever)? I find it's often as hard to figure out
good values for those as to write the regexps ...
marks> Actually, it is in Mailman 2.1.30. Set
REFUSE_SECOND_PENDING = Yes
in mm_cfg.py to enable it.
Thanks Mark! I've been using the mailman from my distro, which is (sigh)
older. I'll look into going back to installing mailman from scratch, as
I've done before.
jonb> You can probably do this with a procmail filter before anything hits
I'm not sure. My impression is the bad guys are hitting the subscribe
cgi directly, not sending mail requests. But procmail could work for
mail floods, for sure.
Sorry about not working out the details, but I thought it might be
better to say something rather than nothing.
Definitely :).
Thanks again,
Karl
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
