[Mailman-Users] Malicious Third-Party Unsubscription Requests

2022-07-09 Thread Karl Semich
Hi,

I'm experiencing mailbombing via spoofed unsubscription and
subscription requests from mailman lists. Mostly unsubscription
requests from a mailman 2.1 list.

I have a mental disability and the mailbombing is confusing and taxing to me.

Is there any configuration option I can ask the list administrator to
enable, to require my password to be provided before the confirmations
are sent to me?

If this configuration option does not exist yet, could anybody advise
what source files would need modification so as to contribute it as a
feature addition?

Thanks a bunch,
Karl Semich
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/


[Mailman-Users] DOS vulnerability, gmail and yahoo

2023-09-19 Thread Karl Semich
Hi mailman-users,

So you know, it looks like there is a vulnerability with mailman
2 where a third party can very aggressively spoof password reminder,
unsubscription, or other requests using the web interface, queueing
tens of thousands of unsolicited messages to any given subscriber.

Worse, if this is done to a user of Gmail or Yahoo, the receiving
hosts may block the mail server's IP address generally, preventing the delivery
of legitimate list content to other subscribers using the same
provider.

There should probably be a rate limit on the web interface, although I
understand mailman 2 is no longer developed.
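
The rate limit suggested in the message above, sketched as an added example that is not part of the original post and is not Mailman code. It caps notifications per recipient address rather than per requesting client, since the requests are unauthenticated; the class name, the limits (3 per hour) and the sample data are assumptions.

```python
import time
from collections import defaultdict, deque


class NotificationLimiter:
    """Sliding-window cap on mail generated for one recipient (hypothetical helper)."""

    def __init__(self, max_per_window=3, window_seconds=3600):
        self.max_per_window = max_per_window      # assumed limit, tune per site
        self.window_seconds = window_seconds
        self._sent = defaultdict(deque)           # key -> times mail was queued

    @staticmethod
    def _key(list_name, address):
        # Key on the recipient: whoever submits the web form is unauthenticated
        # and can vary the source IP, but the flooded mailbox stays the same.
        # Lower-casing the whole address is a simplifying assumption.
        return (list_name.lower(), address.strip().lower())

    def allow(self, list_name, address, now=None):
        """Return True if one more confirmation/reminder may be queued."""
        now = time.monotonic() if now is None else now
        sent = self._sent[self._key(list_name, address)]
        while sent and now - sent[0] >= self.window_seconds:
            sent.popleft()                        # forget mail outside the window
        if len(sent) >= self.max_per_window:
            return False                          # drop the request, queue nothing
        sent.append(now)
        return True


def simulate(requests, limiter):
    """Replay (time, list, address) requests; return mails queued per address."""
    queued = defaultdict(int)
    for ts, list_name, address in requests:
        if limiter.allow(list_name, address, now=ts):
            queued[address.strip().lower()] += 1
    return dict(queued)


# Constructed sample: 10,000 web requests naming one subscriber within ten
# minutes, plus a single ordinary request naming a different subscriber.
SAMPLE = [(i * 0.06, "example-list", "Victim@example.org") for i in range(10000)]
SAMPLE.append((300.0, "example-list", "other@example.org"))

if __name__ == "__main__":
    print(simulate(SAMPLE, NotificationLimiter()))
```

Suppressed requests should still be logged with the source address so the list administrator can see the flood, and the web form's response should be the same whether or not mail was queued.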