I'm receiving a lot of fake Subscription Requests and spend time to
1. how can I "lock" lists not to receive requests except administrator's
2. how can I mass discard those request from console?
Thank you in advance,
Thanks to the advice of Mark Sapiro I have managed to stop the deluge of
subscriptions to my lists, but I am left with the problem of having over
20,000 pending subscriptions awaiting my administration.
What would be great is if there were a command line program I could run
to delete all pending subscription requests, is there such a thing?
John Elliot V
|_|_|O| Because every programmer needs a good club!
I've been using Mailman 2.1 for ages and I love it but recently I have a
problem with thousands of messages per day from spammers sending
On the Privacy options section I set 'advertised' to 'No' and
'subscribe_policy' to 'Require approval' but that doesn't work to stop
the subscription emails.
Is there a way to make a list 'invite only'? I tried to find such an
option but was unable to do so...
John Elliot V
|_|_|O| Because every programmer needs a good club!
Apologies for double posting. I sent this to the MM3 list by mistake earlier.
I'm hoping someone can shine a light on character encoding issue I've encountered.
A plain-text email with non-ascii characters in the body gets posted to the list.
As per Mark Sapiro's guide I've captured the incoming message to file.
The message is received by Mailman with the non-ascii characters displaying correctly.
The header of that message has:
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Content-Type: text/plain; charset=utf-8
In the list's mbox file and archive webpage, the message displays the non-ascii characters correctly.
In the archive's downloaded .txt (and also .gz) file, the non-ascii characters are missing and displayed as "?".
I've copied the message text in below, from both the correct one from the email and the erroneous .txt file. Hopefully they won't get scrambled up when I send this.
Any advice on getting the non-ascii characters written into the archive .txt file would be gratefully received.
=== Message text as okay in mbox and as shown on the archive webpage ===
If one goes by the definition of veḷippaṭai as given in the Tamil Lexicon that the meaning of an ambiguous word should be disambiguated by a qualifying word, then aruvi āmpal does not conform to that definition since in the case of aruvi āmpal in Patiṟṟuppattu 63, aruvi is really made up of aru+vi, a compound. Moreover, the expression aṭai aṭuppu aṟiyā is already there to clarify that āmpal is a number and not a flower. Thus, aruvi simply provides information in addition to aṭai aṭuppu aṟiyā that āmpal is not a flower. The modern commentator Aruḷampalavaṉār also does not call it veḷippaṭai.
=== Message text with missing characters in te archive's txt and gz downloads ==
If one goes by the definition of ve?ippa?ai as given in the Tamil Lexicon that the meaning of an ambiguous word should be disambiguated by a qualifying word, then aruvi ?mpal does not conform to that definition since in the case of aruvi ?mpal in Pati??uppattu 63, aruvi is really made up of aru+vi, a compound. Moreover, the expression a?ai a?uppu a?iy? is already there to clarify that ?mpal is a number and not a flower. Thus, aruvi simply provides information in addition to a?ai a?uppu a?iy? that ?mpal is not a flower. The modern commentator Aru?ampalava??r also does not call it ve?ippa?ai.
I figured there is not a way to do this but thought I would ask.
We usually don’t want archives on our lists (do not want to deal with archives), but want a way to see what lists are not being used. Is there a way to see list activity like last message for a list? Not even content of the message maybe just when the list last processed a message. I have come across lists that users are not using so I would like to be able to audit to see when a list was last used. We are on mailman2 but going to mailman3.
I think I know what is happening , but I want to make sure. A bunch of my list admins are getting bounces like below?
I think it is someone or probably a BOT, trying to subscribe to our lists, But they are using a bad email address so it bounces to the admin. (Our lists are set to confirm/approve for joining). I assume they are just trying to join any lists that don’t have confirm/approve to see if they can then get the users of the list, maybe, What else could they be trying to do?
I have seen a couple of different bad emails addresses used, so I just can’t ban this one, I am telling list admins to ignore them. But if they get worse I think they can set this setting to “NO”
Should Mailman send you, the list owner, any bounce messages that failed to be detected by the bounce processor? Yes is recommended.
(Details for bounce_unrecognized_goes_to_list_owner)
Which would stop these notifications? But it is recommended to leave it to “yes”.
Any other options ideas? Am I on the right track?
Here is a bounce example with our list info stripped.
Error: Invalid user address
Error message below:
550 - Requested action not taken: no such user here
Subject: confirm 174c7e02aa6603b72ba30e59c5e24c7fceebd826
Sent date: Wed Apr 14 23:08:48 UTC 2021
MAIL FROM: XXX-software-XXX-bounces(a)mailman.XXX.XXX
RCPT TO: 17323547559(a)vtext.com<mailto:firstname.lastname@example.org>
< XXX-software-XXX-request@ mailman.XXX.XXX >
Size: 11.3 KiB
I think I have a situation where someone is sending email to one of my lists request address ie (lista-requests(a)domain.com<mailto:email@example.com>) from an invalid email address (maybe spoofing the sending address). Or they may be able to trying to subscribe and entering an invalid email address on the wbesite.
So what happens is the list admins gets a bunch of bounces. What is the best way to stop this? If I add an email to the ban section for a list, will mailman drop any email or requests from them if they are spoofing as a sender or trying to subscribe?
This is a little embarrassing, but I thought y'all might deserve a
heads-up. Note, this is not a bug, except in my brain. And maybe
yours but probably not ;-).
A couple years ago I converted my Mailman 2 site from HTTP to HTTPS.
The site is visible externally to my university, thus HTTPS, but
almost entirely used for announcements, which partly explains how I
missed this (more on that later). I tried to release a held message
from the moderation page, and this failed repeatedly. Eventually I
realized that I wasn't getting a response page at all. I'm guessing
that what happened is this:
1. I added a virtual host on :443 in my Apache server config to
accept Mailman requests via HTTPS (the rest of the URLs are the
2. I added a global redirect rule that returns a redirect of every
HTTP request as an https: URL.
3. The request for moderation action gets redirected, invalidating
the CSRF cookie.
4. The redirected request has an invalid cookie, which gets ignored,
and it is discarded.
The fix is obvious: run bin/fix_url.py on all my lists.
You're allowed to laugh now, but try to not scare the fish. :-)
How I missed this, and you might too: because these are announcement
list configured to my normal usage, there's very little in the way of
web interaction on the moderation side, but list configuration works,
so I didn't notice it there. (I caught it this time because I got
moderated due to a very large post.) I don't understand why
moderation fails but list configuration works in my configuration (the
list configuration pages also have CSRF cookies).
If you care, ask and I'll figure it out. I probably should figure it
out since it suggests that some CSRF cookies may persist for more than
one request, or Mailman may somehow reissue the CSRF cookie in some
circumstances. Explanations that save me the effort appreciated! ;-)