You might want to generate a hash of the "Subscribers' Addresses" and if you see more than say, 5? In a 1 minute period, block all subsequent attempts.
https://www.spamhaus.org/news/article/734/subscription-bombing-coi-captcha-and-the-next-generation-of-mail-bombs (2016-09-16 20:31:07 UTC) Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ? -----Original Message----- From: mailop <mailop-boun...@mailop.org> On Behalf Of Andy Smith via mailop Sent: Wednesday, August 19, 2020 5:06 AM To: mailop@mailop.org Subject: [EXTERNAL] Re: [mailop] Mailman confirmation email denial of service Hi, On Wed, Aug 19, 2020 at 07:53:43PM +0800, Philip Paeps via mailop wrote: > On 2020-08-19 18:24:30 (+0800), Andreas Schamanek via mailop wrote: > >BTW, Mailman mm_cfg.py option `SUBSCRIBE_FORM_SECRET` apparently > >mitigates the DoS, too. > > We've also had some success in the past with raising > SUBSCRIBE_FORM_MIN_TIME. Thanks both for these settings that I had overlooked. Cheers, Andy _______________________________________________ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop&data=02%7C01%7Cmichael.wise%40microsoft.com%7C87a8023760e64b439d5608d84438c00f%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637334357836546128&sdata=7QGn3OQW71YIO3zrs7ANRL6bAMtaeZN1NgLJq0r7smk%3D&reserved=0
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
