[Mailman-Users] Mailman Security

Mark Sapiro mark at msapiro.net
Thu Jan 19 16:30:29 EST 2017


On 01/19/2017 11:35 AM, Odhiambo Washington wrote:
> On 19 January 2017 at 21:22, Mark Sapiro <mark at msapiro.net> wrote:
>>
>> Look at some of the hits from searching at
>> <http://www.mail-archive.com/mailman-users%40python.org/> for
>> global_ban_list.
>>
> 
> 
> Seen that. Usable, but not everything, given that some addresses on my list
> are well-known free mail providers.


You don't want to block entire domains. You want to use regexps that are
tailored to the attacks you are seeing. This means you can't be
proactive in blocking attacks in advance, but if you run some kind of
Mailman log summary such as the mmdsr program distributed with Mailman
in the contrib/ directory, you'll see attacks within a day of when they
start and can react. Some patterns I have used that have been effective
against past attacks are:

  '^[a-z0-9.]{8,}\+[a-z0-9]{4,}@gmail\.com$',
  '^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
  '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
  '^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',

Also, there is a script at <https://www.msapiro.net/scripts/erase>
(mirrored at <https://fog.ccsf.edu/~msapiro/scripts/erase>) that is
described as:

Remove an address or all addresses matching a regexp from the
installation. I.e. for every list, if the address is a member, it is
removed. If there are any held posts or (un)subscription requests from
the address, they are removed too. Optionally, any subscription requests
from the address waiting user confirmation are also removed.

that can be used to remove the successful ones.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
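
Added example, not part of the original post and not Mailman's own code: a dry run of the four patterns above against subscription attempts and the current membership, to see what each pattern blocks and which existing members it would also hit before it goes into global_ban_list or is used for removal. All addresses are constructed, and it is an assumption here that entries starting with '^' are applied as case-insensitive regexp searches.

```python
import re

# The four patterns quoted in the post.
BAN_PATTERNS = [
    r'^[a-z0-9.]{8,}\+[a-z0-9]{4,}@gmail\.com$',
    r'^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
    r'^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
    r'^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',
]

def banned_by(address, patterns=BAN_PATTERNS):
    """Return the first pattern matching address, or None.

    Assumption: '^' entries are regexps, searched case-insensitively.
    """
    for pattern in patterns:
        if pattern.startswith('^') and re.search(pattern, address, re.IGNORECASE):
            return pattern
    return None

def dry_run(candidates, members, patterns=BAN_PATTERNS):
    """Return (blocked, allowed, collateral) for a proposed pattern set."""
    blocked, allowed = {}, []
    for address in candidates:
        hit = banned_by(address, patterns)
        if hit:
            blocked[address] = hit
        else:
            allowed.append(address)
    # Existing members the same patterns would match (false positives).
    collateral = [m for m in members if banned_by(m, patterns)]
    return blocked, allowed, collateral

# Constructed sample data, not taken from any real log or roster.
SUBSCRIBE_ATTEMPTS = [
    'randomuser42+a1b2c@gmail.com',
    'K.e.m.o.Mart2017@gmail.com',
    'xx.sunibee.stars@gmail.com',
    'alice@example.org',
    'bob+list@gmail.com',
]
CURRENT_MEMBERS = ['carol.jones+mailman@gmail.com', 'dave@gmail.com']

if __name__ == '__main__':
    blocked, allowed, collateral = dry_run(SUBSCRIBE_ATTEMPTS, CURRENT_MEMBERS)
    for address, pattern in blocked.items():
        print('BLOCK  %-32s %s' % (address, pattern))
    print('ALLOW  %s' % ', '.join(allowed))
    print('MEMBERS ALSO MATCHED: %s' % ', '.join(collateral))
```

The constructed member carol.jones+mailman@gmail.com matches the first pattern, which is the kind of collateral hit worth checking for before removing addresses by regexp.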

