[Mailman-Users] Spam Subscriptions

[Mark Sapiro]

On 06/02/2018 06:55 PM, David Andrews wrote:
> 
> Does anyone have any solution for dealing with spam subscriptions from
> gmail
> addresses?
> The requests are coming from random addresses that contain a few words, a
> plus sign, then another random string of characters.


I use this regexp in the GLOBAL_BAN_LIST

^[0-9a-z.]{8,}\+[0-9a-z]{4,}@gmail\.com$

That blocks subscribe attempts from any address which is 8 or more
letters, digits and periods followed by a plus followed by 4 or more
letters and digits @gmail.com.

Recently, I've seen some with only 6 letters before the + so you might
reduce {8,} to {6,}. I think I'll try that too.

I also have

^.*\+.*\d{3,}@

which blocks anything with a + followed by anything ending in 3 or more
digits. Scanning the membership of all the Mailman 2.1 lists @python.org
(over 132K addresses) shows only 10 matches 4 of which were members of
the python-3000 at python.org with addresses .*+python-3000 at .* and the
other 6 were nabble.com or googlegroups.com, so it's very unlikely that
legitimate regular subscribers will match that.

The advantage of the global ban list for this is all the ones I've seen
are web subscribes. This blocks them with a web response and doesn't
send any confirmation email.


> We are getting hundreds of held subscription messages per day. Is blocking
> this kind of thing through Exim an option? We are using cpanel. 


If these as I've seen are all web subscribes, the only thing you could
do in Exim is drop the outgoing confirmation email, but banning them
stops the subscribe attempt before any mail is sent.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan