[Mailman-Users] Spam Subscriptions

Mark Sapiro mark at msapiro.net
Fri Feb 23 13:50:21 EST 2018 

On 02/23/2018 07:07 AM, David Andrews wrote:
> 
> I have just two lists that receive a bunch of spam subscribes each day
> -- hundreds of them, in fact. For some reason -- which is good, they are
> held, so don't go through, not quite sure why.  Two questions -- first
> is there a file I can erase for each list that will get rid of all the
> held subscriptions, without breaking anything else.  I tried once, and
> my installation broke -- don't know if it is related, but don't want to
> try again unless I do it right.


See the script at <https://www.msapiro.net/scripts/erase> (mirrored at
<https://fog.ccsf.edu/~msapiro/scripts/erase>). This will remove
everything for an address or addresses that match a regexp.

Also for any list you can remove the lists/LISTNAME/request.pck file,
but if there are any held messages for the list, they too will disappear
from the pending requests although the data/heldmsg-LISTNAME-nnn.pck
file will still be there. The best thing is to handle all held messages
before removing the requests.pck file, but there is a script at
<https://www.msapiro.net/scripts/hold_again> (mirrored as above) that
can reprocess the data/heldmsg-LISTNAME-nnn.pck files or they can be
removed if not wanted.


> Secondly, there is some commonality in the subscribe addresses, are
> there strings I can use to discard the subscribes so I never have to see
> them.
> 
> Below are examples, there is a common word, or a common word, a period
> ., and another common word, then a plus sign + then a 4 5 or 6 character
> word, all alpha, and @gmail.com
> Here are examples:
> 
> 
> dragonommz+
> jwmidnight+
> nommz.naidoo+


Since Mailman 2.1.21 there is a GLOBAL_BAN_LIST. See
<https://mail.python.org/pipermail/mailman-users/2018-January/082905.html>
for a bit on how to use this. You will find more in the archives from
this Google search
<https://www.google.com/search?q=site%3Amail.python.org+inurl%3Amailman-users+%22global_ban_list%22>

Also, if you haven't done so, set SUBSCRIBE_FORM_SECRET to some string
unique to your site.

Both the above are mm_cfg.py settings.

Also, I don't know when cPanel will upgrade to Mailman 2.1.26 but it
contains an ability to enable reCAPTCHA on the listinfo page subscribe form.


> Finally, I know it is probably too late in the Mailman2 cycle to get a
> new feature, but in the web UI, it would be nice if you could delete all
> deferred subscriptions.  You can do so with deferred messages, that are
> held, but not subscriptions.


If someone wants to do it, I'd accept a merge request, but I'm not
likely to do it myself

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list