[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

Brad Knowles brad at shub-internet.org
Tue Oct 23 18:51:36 CEST 2012

On Oct 23, 2012, at 9:28 AM, "Kalbfleisch, Gary" <GaryK at shoreline.edu> wrote:

> As a result of this activity I have changed all lists so that confirmation is required for all subscriptions, and only list owners can view the list of subscribers.  The confirmations don't actually solve the email bombing problem but it will keep bogus subscriptions to a minimum.  I have implemented some iptables filters as noted previously but I have not yet opened up the web interface externally.  I have been monitoring traffic directed to port 80 on my Mailman server and it has gone down significantly since I put up the block.  I may open it up again next week to see how my iptables filters work.

BTW, all the general speculation and conversation about CAPTCHAs, etc... notwithstanding, you do clearly have a real operational problem today.

For your specific issue, I would recommend keeping your proposed solutions as relatively simple as possible, and layer them.  Requiring confirmation is a good simple solution to a number of problems, as is restricting the ability to see list membership to only those people who are list owners.

In my experience, KISS+layering almost always beats solutions that are complex from Day One.

Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

More information about the Mailman-Users mailing list