Re: [Mailman-Users] Subscribe Spam solution

On 12/05/2016 06:12 PM, vince@vheuser.com wrote:
First, back out any changes you made from https://bugs.launchpad.net/mailman/+bug/1082746.
Then put
SUBSCRIBE_FORM_SECRET = "some secret unique to your site"
(replacing "some secret unique to your site" with your own secret string) in mm_cfg.py.
This may or may not help much. The bots that have been attacking the python.org lists from time to time have figured out to GET the form first and delay before submitting it. The best we can do is use the GLOBAL_BAN_LIST feature implemented in 2.1.21, and without that put patterns in every list's ban_list.
The latest one only lasted for a few days. The last few were blocked with patterns like
'^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
'^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',
'^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
They tend to be a constant user name at gmail.com with all combinations of interspersed dots (which gmail ignores).
There is a script at <https://www.msapiro.net/scripts/add_banned.py> that can be used to add a pattern to all lists' ban_list and a script at <https://www.msapiro.net/scripts/erase> that can be used to remove all the pending subs, etc. for a pattern.
-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
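
Added example, not part of the original message and not Mailman's own code: a small Python helper that builds a ban_list pattern in the same shape as the ones quoted above from a fixed user name, and checks constructed sample addresses against it. The function names are hypothetical, and the matching rule (entries starting with '^' are regexes, matched case-insensitively; anything else is a literal address) is an assumption about how ban_list entries are applied.

```python
import re


def dotted_ban_pattern(username, domain="gmail.com"):
    """Build a ban_list regex shaped like the patterns in the message:
    zero or more literal dots allowed between the letters of a fixed
    user name, anything before and after it, then the domain."""
    letters = [re.escape(c) for c in username if c != "."]
    return r"^.*" + r"\.*".join(letters) + r".*@" + re.escape(domain)


def is_banned(address, ban_list):
    """Return the ban_list entry that matches address, or None.
    Assumption: '^' entries are regexes matched case-insensitively;
    every other entry is compared as a literal address."""
    for entry in ban_list:
        if entry.startswith("^"):
            if re.search(entry, address, re.IGNORECASE):
                return entry
        elif entry.lower() == address.lower():
            return entry
    return None


# Constructed sample data, not taken from any real list.
BAN_LIST = [dotted_ban_pattern("kemomart"), "blocked@example.com"]
SAMPLES = [
    "kemomart@gmail.com",        # plain form of the user name
    "k.e.mo.mart@gmail.com",     # same Gmail mailbox, dots interspersed
    "K.emomar.t+news@gmail.com", # mixed case plus a trailing tag
    "alice@gmail.com",           # unrelated Gmail user
    "kemomart@example.org",      # same user name, different domain
]

if __name__ == "__main__":
    print(BAN_LIST[0])
    for addr in SAMPLES:
        hit = is_banned(addr, BAN_LIST)
        print("%-28s %s" % (addr, "BANNED" if hit else "ok"))
```

Because the pattern opens with ^.* and allows .* before the @, it also bans any Gmail local part that merely contains the user name, so a short or common name will catch legitimate subscribers.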