[Mailman-Users] Re: spamming
On 10/23/23 6:46 PM, Jim Dory wrote: On 10/23/23 17:38, rich...@karmannghia.org wrote: On Mon, 23 Oct 2023, dde...@cyberthugs.com wrote: .. Implementing the google captcha solution to Mailman a week or so ago stopped it dead. For now... Hi Jim, Interesting, and thanks for posting. Can you please describe, briefly, as an overview only, what that interface is like? I'm sure I can look up details, but, well, "details matter!" (And I don't mean the nitty gritty of installation or whatever.) I'm interested in implementation overview in how that relates to the user's experience - I already know what 'captcha' is like! We're talking web interface details, right? Thanks, Richard Hello Richard, It was ddewey that mentioned the captcha. I am interested in implementing it and googled it - found things from about 10 years ago, and mailman post from 2017. I have mailman version 2.1.39 on a VPS hosted server (with WHM and CPanel) with root privileges, though not sure I have the chutzpa to install it. Could give it a try I suppose. The mailman post was https://mail.python.org/pipermail/mailman-users/2017-December/082820.ht I don't think that's required. We have reCAPTCHA implemented for MM 2.1 at https://mail.python.org/mailman/listinfo/ by just following the doc at https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Defaults.py.in#L153 - there is also a custom CAPTCHA test that can be implemented as documented at https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Defaults.py.in#L134. You will find Defaults.py and mm_cfg.py in /usr/local/cpanel/3rdparty/mailman/Mailman/ on cPanel. Any changes should be made by settings in mm_cfg.py which will override the defaults from Defaults.py. Also see https://wiki.list.org/DOC/Mailman%20and%20CPanel for info about cPanel. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On Mon, 23 Oct 2023, dde...@cyberthugs.com wrote: .. Implementing the google captcha solution to Mailman a week or so ago stopped it dead. For now... Hi Jim, Interesting, and thanks for posting. Can you please describe, briefly, as an overview only, what that interface is like? I'm sure I can look up details, but, well, "details matter!" (And I don't mean the nitty gritty of installation or whatever.) I'm interested in implementation overview in how that relates to the user's experience - I already know what 'captcha' is like! We're talking web interface details, right? Thanks, Richard -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 10/23/23 17:38, rich...@karmannghia.org wrote: On Mon, 23 Oct 2023, dde...@cyberthugs.com wrote: .. Implementing the google captcha solution to Mailman a week or so ago stopped it dead. For now... Hi Jim, Interesting, and thanks for posting. Can you please describe, briefly, as an overview only, what that interface is like? I'm sure I can look up details, but, well, "details matter!" (And I don't mean the nitty gritty of installation or whatever.) I'm interested in implementation overview in how that relates to the user's experience - I already know what 'captcha' is like! We're talking web interface details, right? Thanks, Richard Hello Richard, It was ddewey that mentioned the captcha. I am interested in implementing it and googled it - found things from about 10 years ago, and mailman post from 2017. I have mailman version 2.1.39 on a VPS hosted server (with WHM and CPanel) with root privileges, though not sure I have the chutzpa to install it. Could give it a try I suppose. The mailman post was https://mail.python.org/pipermail/mailman-users/2017-December/082820.html Jim -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
I started seeing these as well, in pretty large quantities just recently. I wasn't seeing spam notices, but an increase in my deferred mail queue (Postfix) from emails that couldn't be delivered. Looking in my Mailman logs, I had hundreds of subscription/signup requests without any subsequent confirmations, and they were coming in once a minute or so from bots. I had added 'SUBSCRIBE_FORM_SECRET' with a key some time ago, but that seemed to have stopped working as effectively. Implementing the google captcha solution to Mailman a week or so ago stopped it dead. For now... Quoting Jim Dory (ja...@dorydesign.com): > I've got a new problem with my mailing list. I run a local > announcements/trade list that should be of no interest to > non-locals. > > I started seeing warnings from Yahoo about users marking messages as > spam.. (I'm subscribed to Yahoo's Antispam Feedback. I never got > other feedback loops from others - like Microsoft - to work). The > messages that were being marked as spam by users were the > confirmation emails sent by mailman to confirm a signup. To avoid > having Yahoo shut down the list as spam (for its subscribers), I set > the subscription to be approved by admin, so I could review who was > trying to sign up. > > More and more now I'm seeing what appears to be spammers trying to subscribe, > but I can't be sure. I'm seeing emails like: > > hirofeet0...@yahoo.co.jp (doesn't seem local) > blvckp...@gmail.com(not many use user names such as that) > fsafwcasgsa...@gwqc.com (obviously not real - couldn't find domain with > minimal searching) > > Plus some that could be local but how would I know. > > I could take off the "approval by admin" for subscription and just deal with > anyone that is a problem afterward, but I do worry that they may be > harvesting emails from subscribers, which are available in the reply-to > headers. > > Don't know if there's anything I can do. Anyone else dealing with this? > > thanks. Jim > > -- > Mailman-Users mailing list -- mailman-users@python.org > To unsubscribe send an email to mailman-users-le...@python.org > https://mail.python.org/mailman3/lists/mailman-users.python.org/ > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ >https://mail.python.org/archives/list/mailman-users@python.org/ > Member address: dde...@cyberthugs.com -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] spamming
I've got a new problem with my mailing list. I run a local announcements/trade list that should be of no interest to non-locals. I started seeing warnings from Yahoo about users marking messages as spam.. (I'm subscribed to Yahoo's Antispam Feedback. I never got other feedback loops from others - like Microsoft - to work). The messages that were being marked as spam by users were the confirmation emails sent by mailman to confirm a signup. To avoid having Yahoo shut down the list as spam (for its subscribers), I set the subscription to be approved by admin, so I could review who was trying to sign up. More and more now I'm seeing what appears to be spammers trying to subscribe, but I can't be sure. I'm seeing emails like: hirofeet0...@yahoo.co.jp (doesn't seem local) blvckp...@gmail.com(not many use user names such as that) fsafwcasgsa...@gwqc.com (obviously not real - couldn't find domain with minimal searching) Plus some that could be local but how would I know. I could take off the "approval by admin" for subscription and just deal with anyone that is a problem afterward, but I do worry that they may be harvesting emails from subscribers, which are available in the reply-to headers. Don't know if there's anything I can do. Anyone else dealing with this? thanks. Jim -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org