[Mailman-Users] Subscribe Spam solution

Mark Sapiro mark at msapiro.net
Mon Dec 5 21:57:25 EST 2016


On 12/05/2016 06:12 PM, vince at vheuser.com wrote:
> Nope.  Clueless.  -- Pure gambling.
> So how do I block "subscribe spam".
> Currently I am being inundated-- one every 4 minutes..
> Any suggestions appreciated.


First, back out any changes you made from
https://bugs.launchpad.net/mailman/+bug/1082746.

Then put

SUBSCRIBE_FORM_SECRET = "some secret unique to your site"

(replacing "some secret unique to your site" with your own secret
string) in mm_cfg.py.

This may or may not help much. The bots that have been attacking the
python.org lists from time to time have figured out to GET the form
first and delay before submitting it. The best we can do is use the
GLOBAL_BAN_LIST feature implemented in 2.1.21, and without that put
patterns in every list's ban_list.

The latest one only lasted for a few days. The last few were blocked
with patterns like

  '^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
  '^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',
  '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',

They tend to be a constant user name at gmail.com with all combinations
of interspersed dots (which gmail ignores).

There is a script at <https://www.msapiro.net/scripts/add_banned.py>
that can be used to add a pattern to all lists' ban_list and a script at
<https://www.msapiro.net/scripts/erase> that can be used to remove all
the pending subs, etc. for a pattern.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
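
Added example, not part of the original post and not one of the scripts linked in it: a Python sketch that groups pending subscription addresses by their dot-stripped gmail.com user name and emits a ban pattern in the style quoted above for each name seen in several dotted variants. The function names, the threshold and the sample addresses are constructed for illustration, and case-insensitive `re.search` matching is an assumption about how the patterns are applied.

```python
import re
from collections import defaultdict

# Constructed sample of pending subscription addresses (not real data).
PENDING = [
    "k.emomart@gmail.com", "ke.mo.mart@gmail.com",
    "kemom.a.r.t@gmail.com", "k.e.m.o.m.a.r.t@gmail.com",
    "alice@example.org", "bob.smith@gmail.com", "bobsmith@gmail.com",
]

def gmail_key(address):
    """Return the dot-stripped local part of a gmail.com address, else None."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain != "gmail.com" or not local:
        return None
    return local.replace(".", "")

def ban_pattern(base):
    r"""Build a pattern shaped like the ones in the post: every character of
    the base name is followed by \.* so any placement of dots matches."""
    body = r"\.*".join(re.escape(c) for c in base)
    return "^.*" + body + r".*@gmail\.com"

def suggest_bans(addresses, min_variants=3):
    """Map base name -> pattern for names seen in >= min_variants dotted forms.
    min_variants is a hypothetical threshold; tune it for your site."""
    variants = defaultdict(set)
    for addr in addresses:
        key = gmail_key(addr)
        if key:
            variants[key].add(addr.strip().lower())
    return {k: ban_pattern(k) for k, v in variants.items()
            if len(v) >= min_variants}

def is_banned(address, patterns):
    """Check an address against the patterns (case-insensitive search)."""
    return any(re.search(p, address, re.IGNORECASE) for p in patterns)

if __name__ == "__main__":
    for base, pattern in suggest_bans(PENDING).items():
        print(base, "->", repr(pattern))
```

Because each pattern begins and ends with `.*`, it also matches any gmail.com address that merely contains the base name, so review short base names before adding them to a ban list.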