[Mailman-Users] Mailman Security

Odhiambo Washington odhiambo at gmail.com
Thu Jan 19 11:32:26 EST 2017


On 19 January 2017 at 18:55, Brian Carpenter <brian at emwd.com> wrote:

> > I have a situation which is a little confusing on a server where I run
> > Mailman. The subscription model is "confirm & approve"
> >
> > When I check the MTA's queue, I find hundreds of mail destined to certain
> > addresses, and one address could have 10 or more same mail destined to it.
> > I cleared the queue before checking the contents of these e-mails, but I
> > assume they were those 'confirm your subscription' ones to these addresses,
> > because I can see the addresses in Mailman's subscribe logfile.
> >
> > Now this got me thinking: Once one has submitted a subscription request and
> > Mailman has dispatched the 'confirm' email, shouldn't mailman decline any
> > further subscription requests from the same address if they decide to
> > submit such, and as such shouldn't send any other confirm/verification
> > requests as long as there is one still pending??
> >
> > I am talking about a situation leading to a subscribe logfile like the one
> > at: http://bit.ly/2iFv5vi
> >
> > Might I be missing something in my list configuration???
>
> Subscription spam which is what I think you are experiencing has been dealt
> with to a certain degree by recent versions of mailman. The following two
> functions I believe would be of assistance are:
>
> SUBSCRIBE_FORM_SECRET
> GLOBAL_BAN_LIST
>
> There is some detail information about them in Defaults.py I believe.
>
> Brian Carpenter
> EMWD, Owner
>
> Providing Cloud Services and Mailman hosting for over 18 years.
>
>

Awesome.

So is it enough to add

SUBSCRIBE_FORM_SECRET = 'L1feSuX'

to mm_cfg.py and restarting Mailman without doing any other thing??


The GLOBAL_BAN_LIST is self-explanatory when I read it.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
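
An added example, not part of the original message or of Mailman's own code: a small Python check that counts repeated `pending` entries per list and address in the subscribe log, the pattern described in the thread. The log line layout and the sample lines are constructed assumptions; adjust the pattern to the entries in the actual logfile.

```python
import re
from collections import Counter

# Assumed entry layout (constructed for this example):
#   <timestamp> (<pid>) <list>: pending <address>  <remote host>
LINE = re.compile(r"\(\d+\) (?P<list>[^:\s]+): pending (?P<rest>.*)$")
ADDR = re.compile(r"[^\s<>\"]+@[^\s<>\"]+")

# Constructed sample input; addresses and hosts use documentation ranges.
SAMPLE = """\
Jan 19 09:00:01 2017 (4242) announce: pending victim@example.org  203.0.113.7
Jan 19 09:00:03 2017 (4243) announce: pending victim@example.org  203.0.113.9
Jan 19 09:00:05 2017 (4244) announce: pending Victim@example.org  198.51.100.4
Jan 19 09:01:10 2017 (4250) announce: pending alice@example.net  192.0.2.15
Jan 19 09:02:00 2017 (4251) announce: new alice@example.net, via email confirmation
Jan 19 09:03:00 2017 (4252) staff: pending victim@example.org  203.0.113.7
"""


def repeated_pending(lines, threshold=3):
    """Map (list, address) -> (count, sorted remote hosts) for every address
    with at least `threshold` pending subscription requests on one list."""
    counts = Counter()
    sources = {}
    for line in lines:
        entry = LINE.search(line)
        if not entry:
            continue  # not a "pending" entry (e.g. "new", "deleted")
        found = ADDR.search(entry.group("rest"))
        if not found:
            continue
        # Addresses are compared case-insensitively so variants collapse.
        key = (entry.group("list"), found.group(0).lower())
        counts[key] += 1
        # Whatever follows the address is treated as the requesting host.
        remote = entry.group("rest")[found.end():].strip(" >")
        if remote:
            sources.setdefault(key, set()).add(remote)
    return {k: (n, sorted(sources.get(k, ())))
            for k, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (mlist, addr), (n, hosts) in repeated_pending(SAMPLE.splitlines()).items():
        print(f"{mlist}: {addr} has {n} pending requests from {', '.join(hosts)}")
```
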

