[ mailman-Bugs-1448537 ] Limit number of subscribe requests in a period

SourceForge.net noreply at sourceforge.net
Mon Mar 13 04:19:57 CET 2006


Bugs item #1448537, was opened at 2006-03-12 23:30
Message generated for change (Comment added) made by tkikuchi
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1448537&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: security/privacy
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: EricB (eric_black)
Assigned to: Nobody/Anonymous (nobody)
Summary: Limit number of subscribe requests in a period

Initial Comment:
Add limits (number of requests in a day, and minimum
number of days before resetting the counter) to the
number of subscribe requests for an email address. 
Defaults would be 1 request in 1 day.

This is needed to prevent malicious mailbombing of an
innocent victim by someone repeatedly submitting their
address.  Currently the victim gets the verify.txt
template email for each submission.

----------------------------------------------------------------------
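
The limit proposed in the initial comment, sketched as an added example (not Mailman code and not part of the original tracker thread): a per-address counter that allows a fixed number of confirmation mails per window and resets once the period has elapsed. The names SubscribeThrottle, max_requests, reset_days and simulate are hypothetical, and the sample requests are constructed.

```python
import time

DAY = 86400  # seconds

class SubscribeThrottle:
    """Per-address limit on subscribe confirmations (hypothetical helper)."""

    def __init__(self, max_requests=1, reset_days=1):
        self.max_requests = max_requests
        self.reset_seconds = reset_days * DAY
        self._seen = {}  # normalized address -> [count, window_start]

    def allow(self, address, now=None):
        """Return True if a confirmation mail may be sent to this address."""
        now = time.time() if now is None else now
        # Assumption: fold case and whitespace so spelling variants of one
        # mailbox share a single counter.
        key = address.strip().lower()
        entry = self._seen.get(key)
        if entry is None or now - entry[1] >= self.reset_seconds:
            # First request, or the reset period has elapsed: new window.
            entry = self._seen[key] = [0, now]
        if entry[0] >= self.max_requests:
            return False  # over the limit: send nothing to the address
        entry[0] += 1
        return True

    def prune(self, now=None):
        """Drop expired counters so the table cannot grow without bound."""
        now = time.time() if now is None else now
        expired = [k for k, (_, start) in self._seen.items()
                   if now - start >= self.reset_seconds]
        for k in expired:
            del self._seen[k]
        return len(expired)

def simulate(requests, **limits):
    """Replay (timestamp, address) pairs; return the allow/deny decisions."""
    throttle = SubscribeThrottle(**limits)
    return [throttle.allow(addr, now=ts) for ts, addr in requests]

# Constructed sample: repeated requests for one address, one request for
# another address, then a repeat after the one-day reset period.
SAMPLE = [(0, "victim@example.com"), (10, "Victim@Example.com"),
          (20, "victim@example.com "), (30, "other@example.com"),
          (40, "victim@example.com"), (DAY + 5, "victim@example.com")]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

Because the counter is keyed on the requested address rather than on the sender, it still applies when the 'From:' header is forged.
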

>Comment By: Tokio Kikuchi (tkikuchi)
Date: 2006-03-13 03:19

Message:
Logged In: YES 
user_id=67709

You can suppress sending confirmation by putting the
victim's email address in ban_list from the admin page
(privacy section), if she/he is not willing to be added to
your list.  This may not work if the malicious user forges
the 'From:' header.  In this case, the victim may well
introduce some mail filter to get junk mail discarded
before it reaches her/his eyes.


----------------------------------------------------------------------

Comment By: EricB (eric_black)
Date: 2006-03-12 23:47

Message:
Logged In: YES 
user_id=1474448

BTW, I've been running 2.1.5 with this problem, and 2.1.7
still exhibits the vulnerability.

----------------------------------------------------------------------
