[Mailman-Users] Deleting pending.pck.tmp files

Mark Sapiro mark at msapiro.net
Thu Jan 18 14:13:33 EST 2018

On 01/18/2018 06:19 AM, João Sá Marta wrote:

> There’s the code of that page that sends a subscription request to one of my mailing lists
> :document.write(“<iframe frameborder=‘0’ src=‘http://ml.ci.uc.pt/mailman/subscribe/archport?email="+spam_id+"&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe' width='0' height='0'></iframe>");
> I am going to put some apache rewrite rules to prevent this, but I don’t know if this is the best way to prevent that kind of spam.
> Please let me know if you have a better way to deal with this spam.

We have seen some of this in the past. If the subscribed addresses
("+spam_id+" in the above) are such that you can create a regexp to
match them and not match potential real subscribers, you can add such
regexps to GLOBAL_BAN_LIST. Some that we have used in the past are:


Also, you need to set SUBSCRIBE_FORM_SECRET in mm_cfg.py to some string
unique to your site to force a GET of the listinfo page to get a hidden
token that needs to be submitted along with the other data to the
'subscribe' URL. See the documentation of SUBSCRIBE_FORM_SECRET in

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list