[Mailman-Users] Automated Subscription Bots Inundating ListOwners With Subscription Requests

Mark Sapiro mark at msapiro.net
Sat Nov 17 17:33:03 CET 2012

Petersen, Kirsten J - NET wrote:
>Today I realized that all of the lists involved in this attack have their subscribe_policy set to just "require approval" rather "confirm" or "confirm and approve".  So I think the theory that spammers were just trying to get on the lists to harvest member addresses is probably correct.

Most likely, they are hitting all your lists but not answering
confirmation requests because the bots don't know how or the
confirmation requests are going to invalid or spoofed addresses.

>My folks are beating down my door for a solution, too, and I can't think of a good one.  We host lists for the international community, so any measure I take that makes it harder for external people to subscribe will negatively impact intended use.  I am going to advise my list admins to enable confirmation, which should discourage these attempts.

It seems this is a solution.

>It also occurred to me that I could write a script to monitor the vette log and purge requests that look suspicious - mainly based on the same email address attempting to subscribe to multiple unrelated lists at the same time.
>If anyone else has any bright ideas about this problem, I would love to hear it.

For some time, there has been a withlist script, discard_address.py, at
<http://www.msapiro.net/scripts/> (mirrored at
<http://fog.ccsf.cc.ca.us/~msapiro/scripts/>) which would discard all
subscription requests and help posts from a specific address. While
this it probably not too useful here, I have just created a new
discard_subs.py script available at the same place which will discard
all held subscription requests older than N days (can be 0) for a list
or all lists.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list