[Mailman-Users] Handling bogus subscribe requests
Mark Sapiro
mark at msapiro.net
Tue Jan 12 12:54:06 EST 2016
On 01/12/2016 01:18 AM, Andrew Daviel wrote:
>
> In the last few days we've seen several thousand bogus subscription
> requests for various lists we host, send through the web interface. They
> seem to mostly originate in China.
>
> We see log entries such as /var/log/mailman/subscribe
> Jan 11 20:50:30 2016 (27666) grsi-users: pending
> hellocatboots+80339132 at gmail.com 221.178.182.31
> and in the webserver logs
> 221.178.182.31 - - [10/Jan/2016:03:27:18 -0800] "POST
> /mailman/subscribe/grsi-users HTTP/1.1" 200
>
> I'm not sure what the point is - a DoS attack on a few users, perhaps. I
> see that gmail gives you infinite aliases, so that
> hellocatboots+80339132 is the same as hellocatboots+96529823 at gmail.com
There are threads on this in the archives of this list. See threads
containing the posts
<https://mail.python.org/pipermail/mailman-users/2015-September/079829.html>
and
<https://mail.python.org/pipermail/mailman-users/2015-September/079844.html>
and perhaps the thread starting at
https://mail.python.org/pipermail/mailman-users/2015-September/079855.html.
For the @python.org lists, we use the regexp '^.*\+.*\d{3,}@' in the
newly implemented, not yet released GLOBAL_BAN_LIST to ban all addresses
with a '+' followed by anything followed by at least 3 digits up to the '@'.
Read
<https://mail.python.org/pipermail/mailman-users/2015-September/079844.html>
for more on that.
It's been effective so far.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list