Max writes:
I would have expected that Mailman shows the user/bot a message saying: Hey simon1234@gmail.com, you already have a pending signup request, please be patient while the moderators are reviewing your request.
I don't think that information is readily available to the subscription request handler. The database Mailman 2 uses is simple and foolproof for its own purposes: each request is processed immediately, any emails etc are sent, and the request ends up in a file with a unique name ordered by time of receipt.
It wouldn't be hard to keep an auxiliary database with request addresses in it so we could easily check for duplicates, but it doesn't simplify things very much because both moderators and subscribers lose mail, either by mistake or because they have a strict filter. So we'll just send another confirmation response anyway because there's a good chance that they didn't get the first.
Obviously that doesn't apply to the kind of attack your site is facing, but it's very unusual for a list to be attacked this way in my experience.
Instead all moderators get the same signup request email from the same email address every minute for hours.
In 'General Options' set admin_immed_notify to No, and only one mail will be sent per day.
Steve