[Mailman-Users] Re: Flooded with signup requests
On 7/29/22 02:02, Max wrote: I would have expected that Mailman shows the user/bot a message saying: Hey simon1...@gmail.com, you already have a pending signup request, please be patient while the moderators are reviewing your request. Mailman 3 does this. The message is not so gracious, just "Subscription request already pending", but this is not the case with Mailman 2.1. While it would be possible in MM 2.1 to check the `pending` and `requests` data for an existing request before accepting a new one, MM 2.1 is EOL and won't be changed to do this. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Managing Lists Remotely
Daniel Krause via Mailman-Users writes: > We're looking at options to manage our mailman3 lists programmatically from > a saas platform we offer. > > The rest api seems like the way to go, but almost everything I read > about it says do not expose this publicly. Use a dedicated encrypted tunnel from the saas platform to the list host. As long as that goes directly to Mailman's REST port, I don't see why the management would have a problem. Unless you're sharing the Mailman instance---but if that's a problem I don't think they'd give you REST access either. Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: Flooded with signup requests
Max writes: > I would have expected that Mailman shows the user/bot a message saying: > Hey simon1...@gmail.com, you already have a pending signup request, > please be patient while the moderators are reviewing your request. I don't think that information is readily available to the subscription request handler. The database Mailman 2 uses is simple and foolproof for its own purposes: each request is processed immediately, any emails etc are sent, and the request ends up in a file with a unique name ordered by time of receipt. It wouldn't be hard to keep an auxiliary database with request addresses in it so we could easily check for duplicates, but it doesn't simplify things very much because both moderators and subscribers lose mail, either by mistake or because they have a strict filter. So we'll just send another confirmation response anyway because there's a good chance that they didn't get the first. Obviously that doesn't apply to the kind of attack your site is facing, but it's very unusual for a list to be attacked this way in my experience. > Instead all moderators get the same signup request email from the same > email address every minute for hours. In 'General Options' set admin_immed_notify to No, and only one mail will be sent per day. Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: Flooded with signup requests
On 29.07.22 06:04, Stephen J. Turnbull wrote: > How can I at least stop the bots from repeated signups with the > same email? This is the Internet; you can't stop them. The best Mailman can do for you is put the address on the ban list. I would have expected that Mailman shows the user/bot a message saying: Hey simon1...@gmail.com, you already have a pending signup request, please be patient while the moderators are reviewing your request. Instead all moderators get the same signup request email from the same email address every minute for hours. :o -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/