Max writes: > Hi, I'm admin for multiple lists and I am getting flooded with fake > signup requests.
As Mark says, stopping email signups is probably a good idea. I wonder if the gmail and yahoo signups are genuine accounts there. If not, checking From alignment (ie, the same domain that is in From has DKIM signed the message) should allow you to filter them. That could be done with code that's already in Mailman, but it would require some additional coding. > It also seems that the same address is trying to sign up multiple > times and this results in multiple mails to the admins/moderators. I believe that there is an option to send moderation mail once a day. If you need more rapid response than that, presumably you have designated folks doing the work, have them check every N hours, and disable the mail notifications entirely. Have them ban the address once and then discard the rest. It's possible that another one could come in in the seconds between polling for moderation requests and sending the ban, but that should be fairly rare. > How can I at least stop the bots from repeated signups with the > same email? This is the Internet; you can't stop them. The best Mailman can do for you is put the address on the ban list. If you think you're being targeted by a specific botnet, you might be able to analyze source IPs and ban them from talking to your hosts at all using a firewall. This list ... OK, none of them are GMail or Yahoo! any more, but Yikes! you've gone scorched-earth! > ^.*@aol.com$ > ^.*@qq.com > ^.*@yandex.ru$ > ^.*@mail.ru$ > ^.*@sbcglobal.net$ > ^.*@msn.com$ > ^.*@163.com$ LOL. Wish *I* could ban them. > ^.*@verizon.net$ > ^.*@comcast.net$ More proactively, we'd all like to use HIMARS, but I think Ukraine needs them more. Firewall and ban list is the best we have at this point. N.B. We don't know everything and we may have missed something we can do. If you have any bright ideas, perhaps we can implement them (but they won't be added to Mailman 2, sorry). Steve ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
