[Mailman-Users] Mailman Security

Brian Carpenter brian at emwd.com
Thu Jan 19 10:55:42 EST 2017


> I have a situation which is a little confusing on a server where I run
> Mailman. The subscription model is "confirm & approve"
> 
> When I check the MTA's queue, I find hundreds of mail destined to certain
> addresses, and one address could have 10 or more same mail destined to it.
> I cleared the queue before checking the contents of these e-mails, but I
> assume they were those 'confirm your subscription' ones to these addresses,
> because I can see the addresses in Mailman's subscribe logfile.
> 
> Now this got me thinking: Once one has submitted a subscription request and
> Mailman has dispatched the 'confirm' email, shouldn't mailman decline any
> further subscription requests from the same address if they decide to
> submit such, and as such shouldn't send any other confirm/verification
> requests as long as there is one still pending??
> 
> I am talking about a situation leading to a subscribe logfile like the one
> at: http://bit.ly/2iFv5vi
> 
> Might I be missing something in my list configuration???

Subscription spam, which is what I think you are experiencing, has been dealt
with to a certain degree by recent versions of Mailman. The following two
functions, which I believe would be of assistance, are:

SUBSCRIBE_FORM_SECRET
GLOBAL_BAN_LIST

There is some detailed information about them in Defaults.py, I believe.

Brian Carpenter
EMWD, Owner

Providing Cloud Services and Mailman hosting for over 18 years.
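
One way to confirm from the subscribe log that repeated confirmation requests are going to the same addresses, as described in the message above (an added example, not part of the original post and not Mailman's own code). The log line layout, the sample lines and the function name `repeated_pending` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line layout (the page does not show the log itself):
#   "<Mon DD HH:MM:SS YYYY> (<pid>) <list>: pending <address> <remote>"
PENDING = re.compile(r"\(\d+\) (?P<list>\S+): pending (?P<rest>.*)$")
EMAIL = re.compile(r"[^\s<>\"]+@[^\s<>\"]+")

# Constructed sample lines; example.* names and 203.0.113.x are placeholders.
SAMPLE_LOG = """\
Jan 19 09:01:02 2017 (2211) announce: pending a.user@example.org  203.0.113.7
Jan 19 09:01:09 2017 (2211) announce: pending a.user@example.org  203.0.113.7
Jan 19 09:02:30 2017 (2214) announce: pending A.User@example.org  203.0.113.9
Jan 19 09:03:11 2017 (2214) announce: pending Bob <bob@example.net>  203.0.113.7
Jan 19 09:04:00 2017 (2215) announce: new carol@example.com, admin mass sub
Jan 19 09:05:45 2017 (2216) discuss: pending a.user@example.org  203.0.113.7
"""


def repeated_pending(log_text, threshold=3):
    """Return {(list, address): {"count": n, "sources": [...]}} for every
    address with at least `threshold` pending requests on one list."""
    seen = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in log_text.splitlines():
        m = PENDING.search(line)
        if not m:
            continue  # not a pending-confirmation entry
        rest = m.group("rest")
        addr = EMAIL.search(rest)
        if not addr:
            continue
        # Addresses are compared case-insensitively so variants collapse.
        entry = seen[(m.group("list"), addr.group(0).lower())]
        entry["count"] += 1
        tail = rest[addr.end():].strip(" >")  # remote host, if logged
        if tail:
            entry["sources"].add(tail)
    return {
        key: {"count": v["count"], "sources": sorted(v["sources"])}
        for key, v in seen.items()
        if v["count"] >= threshold
    }


if __name__ == "__main__":
    for (mlist, addr), info in sorted(repeated_pending(SAMPLE_LOG).items()):
        print(f"{mlist}: {addr} x{info['count']} from {', '.join(info['sources'])}")
```

Addresses and sources that surface here are the ones to review when deciding on entries for the GLOBAL_BAN_LIST mentioned in the reply.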


