July 29, 2021
10:05 p.m.
Thanks to everyone for the great replies.
davidg> I have it setup, but it's not very sophisticated ...
failregex = .*\/<HOST>\s+-\s+-\s+\[.*\]\s+"POST\s+\/mailman\/subscribe
It's just looking for repeated subscribe attempts.
Thanks David! What are you using for maxretry, findtime, bantime, etc., in jail.local (or whatever)? I find it's often as hard to figure out good values for those as to write the regexps ...
marks> Actually, it is in Mailman 2.1.30. Set
REFUSE_SECOND_PENDING = Yes
in mm_cfg.py to enable it.
Thanks Mark! I've been using the mailman from my distro, which is (sigh) older. I'll look into going back to installing mailman from scratch, as I've done before.
jonb> You can probably do this with a procmail filter before anything hits
I'm not sure. My impression is the bad guys are hitting the subscribe cgi directly, not sending mail requests. But procmail could work for mail floods, for sure.
Sorry about not working out the details, but I thought it might be
better to say something rather than nothing.
Definitely :).
Thanks again, Karl