[Mailman-Users] Handling bogus subscribe requests

Mark Sapiro mark at msapiro.net
Sat Jan 16 21:27:00 EST 2016


On 01/16/2016 05:13 PM, Perry E. Metzger wrote:
> On Sat, 16 Jan 2016 16:52:29 -0800 Mark Sapiro <mark at msapiro.net>
> wrote:
>>
>> Please provide some examples. If there is any discernable pattern,
>> it might be blockable without impacting real subscribers.
> 
> I don't have a lot of examples (haven't been saving them as I nuke
> stuff out of the postfix queue) but I just nuked one aimed at what
> I could characterize as user\+[a-z]+[0-9]@gmail.com


Is that just one digit? If so, that's a tough one to separate from legit
ones, but in what I've seen the 'user' part doesn't vary all that much
so you could focus on that.



> I already had a regexp in to nuke everything aimed at a post-+
> section with just digits. I'm reluctant to go further than that
> immediately, although I suspect trailing digits after alphabeticals
> are also unlikely to be real submailboxes.


I certainly agree that 3 or more and perhaps even 2 trailing digits is
unlikely, but a single trailing digit is likely too aggressive.

Just for info, there are a total of 60580 subscriptions with 41715
unique email addresses to lists @python.org. Of the 41745, 620 have a
'+' in the address and of those, 24 have at least one digit immediately
before the @. Of the 25, 15 are subscriptions for the nabble.com
archiving service and 2 are subscriptions for a googlegroups archiving
service. Of the remaining 7, there are 2 +python3000, 1 +python-3000 and
1 +py3000, and the other 3 have only one digit including one +mm3.

So, in this installation at least, \+.*[0-9]@ is rare and most of even
those are archivers with multiple digits or are probably motivated by
the nature of the installation.


> Would it be hard to add optional recaptcha support for the pages with
> forms in a future release? That would probably prevent most such
> games and it doesn't seem so bad.


I hate them. I'd really have to be convinced of the need.

In any case, you already have that ability. The only place I think you
need it is the subscribe form on the listinfo page. It is a simple
matter to install a sitewide custom listinfo template in (for example
for English) $prefix/templates/site/en/listinfo.html or to make a list
specific one through the web admin UI.

Since reCAPTCHA in particular requires registration and perhaps other
steps outside of Mailman, I don't think it's too burdensome that the
Mailman part requires making a custom template.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
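
Added example, not part of the original message: a Python sketch that runs the patterns discussed in this thread over an existing subscriber list, to see which current subscribers each one would have blocked before it goes into a filter. The pattern names, the `audit` function, the exempt-domain option and the sample addresses are all constructed for illustration.

```python
import re

# Candidate block patterns from the thread, narrowest first.
CANDIDATES = {
    # "+" tag made only of digits (the rule already in place)
    "digits_only_tag": re.compile(r"\+[0-9]+@"),
    # three or more trailing digits before the @
    "trailing_3plus_digits": re.compile(r"\+[^@]*[0-9]{3,}@"),
    # two or more trailing digits before the @
    "trailing_2plus_digits": re.compile(r"\+[^@]*[0-9]{2,}@"),
    # any digit immediately before the @, i.e. \+.*[0-9]@
    "any_trailing_digit": re.compile(r"\+[^@]*[0-9]@"),
}

# Constructed sample data standing in for a real subscriber export.
SAMPLE_SUBSCRIBERS = [
    "alice@example.org",
    "bob+lists@example.org",
    "carol+python3000@example.org",
    "dave+py3000@example.org",
    "erin+mm3@example.org",
    "list+s100n200h42@archiver.example",  # stands in for an archiving service
    "frank+12345@example.org",
]


def audit(subscribers, exempt_domains=()):
    """Return {pattern_name: [existing addresses the pattern would block]}."""
    hits = {name: [] for name in CANDIDATES}
    for addr in subscribers:
        addr = addr.strip().lower()
        # Skip domains that are known archivers and would be allowed anyway.
        if addr.rpartition("@")[2] in exempt_domains:
            continue
        for name, rx in CANDIDATES.items():
            if rx.search(addr):
                hits[name].append(addr)
    return hits


if __name__ == "__main__":
    report = audit(SAMPLE_SUBSCRIBERS, exempt_domains={"archiver.example"})
    for name, addrs in report.items():
        print(f"{name}: {len(addrs)} existing subscriber(s) would match")
        for a in addrs:
            print("   ", a)
```
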