[Mailman-Users] Spam Subscriptions

David Andrews dandrews at visi.com
Sat Jun 2 21:55:16 EDT 2018 

A couple months ago I asked a question and got a 
response from Mark Sapiro, see below. We are 
having trouble implementing anything. We are 
trying recaptcha, but it isn't popular with our 
users, thousands of whom are blind. Here is what my Linux guy asks:

Does anyone have any solution for dealing with spam subscriptions from gmail
addresses?
The requests are coming from random addresses that contain a few words, a
plus sign, then another random string of characters. I can't figure out how
we block this without blocking all addresses with plus characters in them,
which is not a good option.
We are getting hundreds of held subscription messages per day. Is blocking
this kind of thing through Exim an option? We are using cpanel.


p.s. The number of messages is causing my ISP to throttle my e-mail!

Dave


At 01:50 PM 2/23/2018, Mark Sapiro wrote:
>On 02/23/2018 07:07 AM, David Andrews wrote: > > 
>I have just two lists that receive a bunch of 
>spam subscribes each day > -- hundreds of them, 
>in fact. For some reason -- which is good, they 
>are > held, so don't go through, not quite sure 
>why.  Two questions -- first > is there a file 
>I can erase for each list that will get rid of 
>all the > held subscriptions, without breaking 
>anything else.  I tried once, and > my 
>installation broke -- don't know if it is 
>related, but don't want to > try again unless I 
>do it right. See the script at 
><https://www.msapiro.net/scripts/erase> 
>(mirrored at 
><https://fog.ccsf.edu/~msapiro/scripts/erase>). 
>This will remove everything for an address or 
>addresses that match a regexp. Also for any list 
>you can remove the lists/LISTNAME/request.pck 
>file, but if there are any held messages for the 
>list, they too will disappear from the pending 
>requests although the 
>data/heldmsg-LISTNAME-nnn.pck file will still be 
>there. The best thing is to handle all held 
>messages before removing the requests.pck file, 
>but there is a script at 
><https://www.msapiro.net/scripts/hold_again> 
>(mirrored as above) that can reprocess the 
>data/heldmsg-LISTNAME-nnn.pck files or they can 
>be removed if not wanted. > Secondly, there is 
>some commonality in the subscribe addresses, 
>are > there strings I can use to discard the 
>subscribes so I never have to see > them. > > 
>Below are examples, there is a common word, or a 
>common word, a period > ., and another common 
>word, then a plus sign + then a 4 5 or 6 
>character > word, all alpha, and @gmail.com > 
>Here are examples: > > > dragonommz+ > 
>jwmidnight+ > nommz.naidoo+ Since Mailman 2.1.21 
>there is a GLOBAL_BAN_LIST. See 
><https://mail.python.org/pipermail/mailman-users/2018-January/082905.html> 
>for a bit on how to use this. You will find more 
>in the archives from this Google search 
><https://www.google.com/search?q=site%3Amail.python.org+inurl%3Amailman-users+%22global_ban_list%22> 
>Also, if you haven't done so, set 
>SUBSCRIBE_FORM_SECRET to some string unique to 
>your site. Both the above are mm_cfg.py 
>settings. Also, I don't know when cPanel will 
>upgrade to Mailman 2.1.26 but it contains an 
>ability to enable reCAPTCHA on the listinfo page 
>subscribe form. > Finally, I know it is probably 
>too late in the Mailman2 cycle to get a > new 
>feature, but in the web UI, it would be nice if 
>you could delete all > deferred 
>subscriptions.  You can do so with deferred 
>messages, that are > held, but not 
>subscriptions. If someone wants to do it, I'd 
>accept a merge request, but I'm not likely to do 
>it myself -- Mark Sapiro 
><mark at msapiro.net>        The highway is for 
>gamblers, San Francisco Bay Area, 
>California    better use your sense - B. Dylan 
>------------------------------------------------------ 
>Mailman-Users mailing list 
>Mailman-Users at python.org 
>https://mail.python.org/mailman/listinfo/mailman-users 
>Mailman FAQ: http://wiki.list.org/x/AgA3 
>Security Policy: http://wiki.list.org/x/QIA9 
>Searchable Archives: 
>http://www.mail-archive.com/mailman-users%40python.org/ 
>Unsubscribe: 
>https://mail.python.org/mailman/options/mailman-users/dandrews%40visi.com


---
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the Mailman-Users mailing list