[Mailman-Users] Migrating a list to a new email address

[Bill Christensen]

Mark's fix:

 If your Mailman is at
least 2.1.16, all you need to do is set

SUBSCRIBE_FORM_SECRET = 'Some string unique to your site"

in mm_cfg.py, and that attack will no longer work.


Is working fine.  But thanks for the alternative suggestions.  I've got a
copy of fail2ban ready to install but just haven't had time to configure it
yet.

On Wed, May 20, 2015 at 9:07 AM, Adam McGreggor <adam-mailman at amyl.org.uk>
wrote:

> On Wed, May 20, 2015 at 02:38:01PM +0100, David Osborne wrote:
> > On 15/05/15 05:32, Bill Christensen wrote:
> > >I long ago routed real users to an alternative signup, but the spam
> > >keeps coming, unrelenting, and are now anywhere between 1k and 10k per
> day.
> >
> > One of our lists was spammed in a similar way. The approach I took
> > was to configure Apache to allow requests to /mailman/subscribe only
> > when the referring page was on our server:
>
> I've used mod_security/fail2ban in the past, both work as well as
> might be expected.
>
> […]
>
> > This message and any attachment are intended solely for the addressee
> > and may contain confidential information. If you have received this
> > message in error, please send it back to me, and immediately delete
> > it.
>
> Hum.
>
>
> --
> "Celebrity can be malign in that it becomes a form of idolatry, and
>  people live their lives vicariously through the rich and famous rather
>  than attending to their own lives."
>     -- John Sentamu
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
>