[Mailman-Users] Subscription flood

Mark Sapiro mark at msapiro.net
Fri May 9 22:19:12 CEST 2014

On 05/09/2014 12:12 PM, Bill Christensen wrote:
> Is there a way that I can just have it affect this one problematic
> list?  If I change the name of cgi-bin/subscribe and any references to
> it (at least until the next update), do you think that will make a
> difference?

It seems to me the easiest way to do this is to apply the attached patch
to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name
and if you don't want the logging, remove the syslog line.

But as others have suggested, look at your web server logs (or the
subscribe confirmation emails) to get the IP address(es) that are
submitting them. If they all come from a single IP or netblock, block
that with iptables or whatever firewall you have.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
--- subscribe.py	2014-05-09 12:30:58.295498380 -0700
+++ subscribex.py	2014-05-09 13:03:34.567535107 -0700
@@ -54,6 +54,15 @@
     listname = parts[0].lower()
+    if listname = 'problem_list':
+        safelistname = Utils.websafe(listname)
+        doc.AddItem(Header(2, _("Error")))
+        doc.AddItem(Bold(_('Web subscribe not allowed <em>%(safelistname)s</em>')))
+        # Send this with a 403 status.
+        print 'Status: 403 Forbidden'
+        print doc.Format()
+        syslog('vette', 'subscribe: Forbidden list "%s": %s\n', listname, e)
+        return
         mlist = MailList.MailList(listname, lock=0)
     except Errors.MMListError, e:

More information about the Mailman-Users mailing list