[Mailman-Users] Subscription Form Spam -- It continues . . .

Mark Sapiro mark at msapiro.net
Thu Oct 8 18:44:17 CEST 2015

On 10/08/2015 07:51 AM, Rich Kulawiec wrote:
> I'd be curiously to see the logs for these.  (I intend to check
> them against various address range lists to see if the originating
> IP addresses correlate with anything else I'm tracking.)

The results from

grep -E 'GET /mailman/listinfo|POST /mailman/subscribe'

are available at


This covers from Oct 4 to date CEST and is over 70 MB. Some of the GETs
are legitimate retrievals of listinfo pages, but most are associated
with these subscribe attempts. And, of course a few GET/POST sequences
are legitimate subscribe requests, but the vast majority are these bogus

A large number of POSTs have 401 status. These are generated by
mod-spamhaus which applies to


and uses

MS_Dns list.blogspambl.com

> If they're
> coming from botted hosts, then (as noted in the thread) using the XBL
> or similar may help.  If they're coming from hijacked networks, then
> the DROP/EDROP lists may help.  If they're coming from...well, without
> analyzing the data and looking for patterns, it's hard to say what
> will help.  But I'm certainly willing to put in some time scripting
> and eyeballing even though the most likely outcome is nothing useful.

Thank you. Your help will be appreciated.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list