[Bug 1859104] [NEW] It is possible to mailbomb a third party by repeatedly posting the subscribe form.
Mark Sapiro
mark at msapiro.net
Thu Jan 9 19:54:18 EST 2020
Public bug reported:
This can be prevented by refusing to pend a subscription when one is
already pending, but that means if a subscriber loses or doesn't receive
the confirmation request email, she has to wait PENDING_REQUEST_LIFE
(default 3 days) before she can request another.
It can also be avoided by setting the list's subscribe_policy to
Moderate, but that may not be desirable in many cases.
Because of these considerations, I will implement the refusal to pend a
subscription when one is already pending, but make that depend on a new
REFUSE_SECOND_PENDING mm_cfg.py setting.
** Affects: mailman
Importance: Medium
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1859104
Title:
It is possible to mailbomb a third party by repeatedly posting the
subscribe form.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions
More information about the Mailman-coders
mailing list