On 09/16/2018 07:44 AM, Peter Shute wrote:
At least one member of our list has received an unexpected email from the list server requesting confirmation of unsubscription. It looks to me like someone has filled in this member's address on the unsubscription form on their behalf in an attempt to remove them from the list.
Or, if you have a personalized unsubscribe link in a list footer like this list does, the list member replied to or forwarded a list post without removing the quoted footer and a recipient clicked it maliciously, inadvertently or thinking she was unsubscribing herself.
Is there any way for us to monitor these attempts?
You could analyze your web server logs looking for POSTs to the list's options page, however that won't show you the POST data so won't be too useful.
Alternatively, you could modify the ConfirmUnsubscription method in Mailman/MailList.py to log the event in addition to sending the confirmation email, or perhaps more simply, change the lines
msg = Message.UserNotification(
addr, self.GetRequestEmail(cookie),
text=text, lang=lang)
in that method to
msg = Message.UserNotification(
[addr, 'other@example.com'], self.GetRequestEmail(cookie),
text=text, lang=lang)
to effectively Bcc: all such notices to other@example.com.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan