[Mailman-Users] Bogus/forged subscription attempts: request for comments and possibly data

Perry E. Metzger perry at piermont.com
Tue Jun 10 03:34:39 CEST 2014

On Mon, 09 Jun 2014 17:01:19 -0700 Mark Sapiro <mark at msapiro.net>
> They are spammers attempting to subscribe to your list(s) via POSTs
> to the web subscribe CGI. Presumably if they successfully
> subscribe, they will then spam the list.
> If you have Mailman 2.1.16 or later, you can mitigate this by
> setting
> SUBSCRIBE_FORM_SECRET = "Some site specific string"

Another option might be using fail2ban. Almost all of my attackers
come from the same few addresses in Vietnam. A few black hole routes
and they were history. I haven't bothered with fail2ban yet, but it
probably is a reasonable option.

(Mine all have ALLCAPS@ addresses.)

Perry E. Metzger		perry at piermont.com

More information about the Mailman-Users mailing list