[Mailman-Users] Migrating a list to a new email address

Wed May 20 15:38:01 CEST 2015

On 15/05/15 05:32, Bill Christensen wrote:
> I have a long running list with thousands of subscribers that needs to
> move to a new set of email addresses.
>
> The existing list is announce-only, so doesn't get a whole lot of
> traffic - typically at most a few outgoing emails a year.  But some time
> back a bot started sending spam registrations via hits to the web server
> in the form
>
>       <domain name>
> /mailman/subscribe.cgi/bwbnewsletter?email=<bogus_registrant>@<somedomain.tld><mailto:ruanwei12 at hotmail.com>&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe.
>
>
> I long ago routed real users to an alternative signup, but the spam
> keeps coming, unrelenting, and are now anywhere between 1k and 10k per day.

One of our lists was spammed in a similar way. The approach I took was 
to configure Apache to allow requests to /mailman/subscribe only when 
the referring page was on our server:

SetEnvIf Referer lists\.my\.domain localreferer

<Location /mailman/subscribe>
     Order deny,allow
     Deny from all
     Allow from env=localreferer
</Location>

-- 
David Osborne
University of Nottingham, UK

This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it. 

Please do not use, copy or disclose the information contained in this
message or in any attachment.  Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.

This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.