Greetings,
I’ve noticed that I have in my mailman installation (version 2.1.9.) a lot of pending.pck.tmp.XXXXXXX files in several mailing lists directories /home/mailman/lists/LISTNAME:
-rw-rw---- 1 apache mailman 6353027 Jan 17 11:02 pending.pck -rw-rw---- 1 apache mailman 711556 Oct 26 17:23 pending.pck.tmp.1000.1509035033 -rw-rw---- 1 apache mailman 14136390 Oct 26 17:24 pending.pck.tmp.1017.1509035052 -rw-rw---- 1 apache mailman 1260000 Jan 6 2017 pending.pck.tmp.10183.1483700222 -rw-rw-— 1 apache mailman 16083210 Aug 24 17:26 pending.pck.tmp.10631.1503592014
The contents of those files are subscriptions notifications.
Here is part of the output using /mailman/bin/dumpdb -p
Is it safe to delete those files ?
Thanks in advance,
João
On 01/17/2018 03:19 AM, João Sá Marta wrote:
Greetings,
I’ve noticed that I have in my mailman installation (version 2.1.9.) a lot of pending.pck.tmp.XXXXXXX files in several mailing lists directories /home/mailman/lists/LISTNAME:
-rw-rw---- 1 apache mailman 6353027 Jan 17 11:02 pending.pck
This is the real Pending database. It's size is way too big. It contains the tokens for things like Subscruptions, Unsubscriptions, Held messages, etc waiting some kind of confirmation. Requests older than PENDING_REQUEST_LIFE (default 3 days) are expunged so it's hard to imagine why it is that big.
-rw-rw---- 1 apache mailman 711556 Oct 26 17:23 pending.pck.tmp.1000.1509035033 -rw-rw---- 1 apache mailman 14136390 Oct 26 17:24 pending.pck.tmp.1017.1509035052 -rw-rw---- 1 apache mailman 1260000 Jan 6 2017 pending.pck.tmp.10183.1483700222 -rw-rw-— 1 apache mailman 16083210 Aug 24 17:26 pending.pck.tmp.10631.1503592014
These are orphaned files and can be removed. When the Pending module saves the file, it saves it to pending.pck.tmp.ppp.tttt (ppp is the PID of the process and tttt is a timestamp) and after successful saving renames the pending.pck.tmp.ppp.tttt as pending.pck, so there should never be any of these files left around.
You need to look at Mailman's 'error' log for entries with time stamps like those files for clues as to what's going wrong.
Also, see the script at https://www.msapiro.net/scripts/list_pending (mirrored at https://fog.ccsf.edu/~msapiro/scripts/list_pending) for a slightly more human friendly listing of the pending db.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hi Mark,
Thank you for your information. I’ve been using Mailman since 2000. I also contributed to Portuguese translation some years ago.
Great software. I have about 500 mailing lists, and have done some integration with Mhonarch.
This is the real Pending database. It's size is way too big. It contains the tokens for things like Subscruptions, Unsubscriptions, Held messages, etc waiting some kind of confirmation. Requests older than PENDING_REQUEST_LIFE (default 3 days) are expunged so it's hard to imagine why it is that big.
I guess that’s caused by spam. Looked at my httpd logs and I’ve found a site ( http://www.skyju.cc/mailhzj.html http://www.skyju.cc/mailhzj.html) that is a spam bomber and it sends subscription requests to 500 mailman lists spreaded all over the world.
Just look at the page source of http://www.skyju.cc/mailhzj.html http://www.skyju.cc/mailhzj.html. One of my mailing lists is listed there. There’s the code of that page that sends a subscription request to one of my mailing lists :document.write(“
I am going to put some apache rewrite rules to prevent this, but I don’t know if this is the best way to prevent that kind of spam.
Please let me know if you have a better way to deal with this spam.
Thanks again,
João Maria Montezuma Carvalho de Sá Marta Especialista de Informática
Universidade de Coimbra · Administração SGSIIC – Gestão de Sistemas e Infraestruturas de Informação e Comunicação Divisão de Sistemas de Informação Rua Arco da Traição · 3003-056 · Coimbra · Portugal Tel. | Phone: +351 239 242 885 E-mail joao.sa.marta@uc.pt
www.uc.pt/administracao http://www.uc.pt/administracao
Este email pretende ser amigo do ambiente. Pondere antes de o imprimir! A Universidade de Coimbra dá preferência a produtos e serviços com menor impacto ambiental.
On 01/18/2018 06:19 AM, João Sá Marta wrote:
There’s the code of that page that sends a subscription request to one of my mailing lists :document.write(“
I am going to put some apache rewrite rules to prevent this, but I don’t know if this is the best way to prevent that kind of spam.
Please let me know if you have a better way to deal with this spam.
We have seen some of this in the past. If the subscribed addresses ("+spam_id+" in the above) are such that you can create a regexp to match them and not match potential real subscribers, you can add such regexps to GLOBAL_BAN_LIST. Some that we have used in the past are:
^.*\+.*\d{3,}@ ^.*@kezukaya\.com$ ^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$ ^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com ^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com ^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com
Also, you need to set SUBSCRIBE_FORM_SECRET in mm_cfg.py to some string unique to your site to force a GET of the listinfo page to get a hidden token that needs to be submitted along with the other data to the 'subscribe' URL. See the documentation of SUBSCRIBE_FORM_SECRET in Defaults.py
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
João Sá Marta
-
João Sá Marta
-
Mark Sapiro