Hello

On 21.08.20 at 09:53, Lucio Chiappetti wrote:
> I am maintaining a list on mailman 2.1.18 on a server I have no control
> (actually it is some 1000's km from here). The list is absolutely
> closed, reserved to a committee with a small membership which is
> updated, if any, every several years.
>
> In the last days the list is receiving subscription requests from odd
> addresses, apparently in couples. When I found two of them yesterday, I
> rejected them with a notice "list usage reserved ....". Today I found a
> mail announcing two further requests, and when I entered the
> administrative interface found two more.
>
> I would like to close completely the list from subscription requests (so
> that they can be inserted only by the administrators).
>
> I thought to set ban_list ^.*@.*
>
> Is there any other better option ?
> Will the ban_list interfere with existing subscriptions ?
>
This is a known attack wave, running for 2 days now, where scripts use the
web interface to subscribe a lot of email addresses.

I do not know how to disable the subscription page altogether.
I assume Mark will comment on that :-)

We are mitigating this by:
* subscription requires admin to agree
* Hardening web interface with settings in mm_cfg.py:
  SUBSCRIBE_FORM_SECRET
  SUBSCRIBE_FORM_MIN_TIME
  BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE
  BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE
  RECAPTCHA_SITE_KEY
  RECAPTCHA_SECRET_KEY

Kind regards,
Christian Mack

------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
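
Added example, not part of the original message and not Mailman's own code: a simplified model of the kind of check that a form secret and a minimum form time make possible (the `SUBSCRIBE_FORM_SECRET` and `SUBSCRIBE_FORM_MIN_TIME` settings named above). The function names, the token layout, `FORM_MAX_AGE` and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed values for this sketch. On a real server the first two
# are set in mm_cfg.py; FORM_MAX_AGE is a hypothetical name.
SUBSCRIBE_FORM_SECRET = "constructed-example-secret"
SUBSCRIBE_FORM_MIN_TIME = 5   # seconds a human needs to fill in the form
FORM_MAX_AGE = 3600           # seconds before a rendered form goes stale


def _mac(issued, listname, remote_ip):
    """Bind the token to issue time, list and client address."""
    msg = f"{issued}:{listname}:{remote_ip}".encode()
    return hmac.new(SUBSCRIBE_FORM_SECRET.encode(), msg, hashlib.sha256).hexdigest()


def issue_token(listname, remote_ip, now=None):
    """Value for a hidden field, generated when the subscribe form is rendered."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_mac(issued, listname, remote_ip)}"


def check_token(token, listname, remote_ip, now=None):
    """Return 'ok' or the reason the subscribe POST is refused."""
    now = int(time.time() if now is None else now)
    try:
        issued_text, mac = token.split(":", 1)
        issued = int(issued_text)
    except (AttributeError, ValueError):
        return "malformed"        # field missing: the form was never fetched
    expected = _mac(issued, listname, remote_ip)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-token"        # forged, or replayed for another list or IP
    age = now - issued
    if age < SUBSCRIBE_FORM_MIN_TIME:
        return "too-fast"         # submitted faster than a person could type
    if age > FORM_MAX_AGE:
        return "expired"
    return "ok"


if __name__ == "__main__":
    t = issue_token("committee", "192.0.2.10", now=1000)
    for when, ip in [(1002, "192.0.2.10"), (1030, "192.0.2.10"), (1030, "198.51.100.7")]:
        print(when, ip, check_token(t, "committee", ip, now=when))
```

A script that POSTs subscriptions without first loading the form has no valid token, and one that loads the form and submits immediately is rejected by the minimum-time check.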