Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Kalbfleisch, Gary
Don't assume that I don't have the skills. I have been building the Linux OS from source since long before most people even heard of the Internet. I manage my time very carefully, and Mailman is a very small part of what I do. The newest version of Mailman does not resolve any of the issues

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Lindsay Haisley
On Mon, 2012-10-29 at 21:04 +, Kalbfleisch, Gary wrote: > I like to stick with packages when possible because it makes > maintenance much easier. As do I. There are times, however, when mission-critical packages in a distribution are outdated, or absent, or broken and building from source is

Re: [Mailman-Users] POST based subscribe attacks

2012-10-29 Thread Stephen J. Turnbull
Ben Cooksley writes: > A pity, as the subscription form definitely could do with the same > form of protection. Think about what you're saying. "Open subscription" either means open subscription, or an admin has to do all the work. There's no third way. (Well, there is, but it only applies t

Re: [Mailman-Users] mailan and postfix config problems

2012-10-29 Thread soportek
On 10/29/2012 12:36 PM, Mark Sapiro wrote: > soportek wrote: > > [...] >> >> I know this is postfix related but I am following the postfix config >> INSTALL instructions from /var/lib/mailman/bin/postfix-to-mailman.py > [...] > First see the FAQ at . > > Then see the

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Kalbfleisch, Gary
I like to stick with packages when possible because it makes maintenance much easier. This is really a non-issue since the current version of Mailman does not have a fix for this problem. Thank you, -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community Co

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Lindsay Haisley
On Mon, 2012-10-29 at 14:14 -0500, Lindsay Haisley wrote: > On Mon, 2012-10-29 at 11:43 -0700, Mark Sapiro wrote: > > See and the Mailman-Developers post linked > > therefrom. It's probably out of date and does not directly address the > > issue of making this informat

Re: [Mailman-Users] POST based subscribe attacks

2012-10-29 Thread Ben Cooksley
On Tue, Oct 30, 2012 at 6:40 AM, Mark Sapiro wrote: > Ben Cooksley wrote: >> >>It seems that the attackers are capitalizing on Mailman's lack of CSRF >>protection. Does anyone know if there are plans to add CSRF protection >>into Mailman 2? > > > It depends what you mean by CSRF protection. If you

Re: [Mailman-Users] POST based subscribe attacks

2012-10-29 Thread Ralf Hildebrandt
* Ben Cooksley : > Hi all, > > We at KDE are currently experiencing attacks upon our Mailman > installation, attempting to subscribe random email addresses (which > more often than not are valid unfortunately). These attacks are > conducted essentially through performing mass HTTP POST requests to

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Lindsay Haisley
On Mon, 2012-10-29 at 11:43 -0700, Mark Sapiro wrote: > See and the Mailman-Developers post linked > therefrom. It's probably out of date and does not directly address the > issue of making this information available as part of the 3rd party > package, but it is probab

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Mark Sapiro
On 10/29/2012 11:25 AM, Lindsay Haisley wrote: > On Thu, 2012-10-18 at 23:53 +, Kalbfleisch, Gary wrote: >> I am running 2.1.9 because that is the latest version available from >> Redhat as a package. > > It's relatively simple to install Mailman from the source package, but > one thing that w

Re: [Mailman-Users] mailan and postfix config problems

2012-10-29 Thread Mark Sapiro
soportek wrote: [...] > >I know this is postfix related but I am following the postfix config >INSTALL instructions from /var/lib/mailman/bin/postfix-to-mailman.py [...] >I have also read these guides which provide more or less identical >instructions. >http://wiki.debian.org/Postfix#Mailman_with_P

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-29 Thread Lindsay Haisley
On Thu, 2012-10-18 at 23:53 +, Kalbfleisch, Gary wrote: > I am running 2.1.9 because that is the latest version available from > Redhat as a package. It's relatively simple to install Mailman from the source package, but one thing that would help a great deal with this would be default inclusi

Re: [Mailman-Users] Mailman Downgrade from 2.1.15 to 2.1.13 possible ?

2012-10-29 Thread Mark Sapiro
Torsten Giebl wrote: > > >Is a downgrade from Mailman 2.1.15 to 2.1.13 possible ? >I know downgrades are not officially supported. >If it is possible, what do I have to do ? It should be possible without problems, but why do you want to do this? Perhaps what you want to accomplish can be done by

Re: [Mailman-Users] POST based subscribe attacks

2012-10-29 Thread Mark Sapiro
Ben Cooksley wrote: > >It seems that the attackers are capitalizing on Mailman's lack of CSRF >protection. Does anyone know if there are plans to add CSRF protection >into Mailman 2? It depends what you mean by CSRF protection. If you mean true protection based on something like the addition and

[Mailman-Users] mailan and postfix config problems

2012-10-29 Thread soportek
I am migrating mailman lists from somedomain.org to lists.somedomain.org I can create new lists for lists.somedomain.org and receive mail from the list but sending mail to lists.somedomain.org results in " Recipient address rejected: User unknown;" I know this is postfix related but I am follwin

Re: [Mailman-Users] POST based subscribe attacks

2012-10-29 Thread Carl Zwanzig
On 10/28/2012 1:27 PM, Ben Cooksley wrote: Alternately, is anyone aware of any form of CAPTCHA protection which can be applied to Mailman? There was a recent thread that discussed this very thing: starting at http://www.mail-archive.com/mailman-users%40python.org/msg61769.html. z!

[Mailman-Users] POST based subscribe attacks

2012-10-29 Thread Ben Cooksley
Hi all, We at KDE are currently experiencing attacks upon our Mailman installation, attempting to subscribe random email addresses (which more often than not are valid unfortunately). These attacks are conducted essentially through performing mass HTTP POST requests to /subscribe/listname with few

[Mailman-Users] Mailman Downgrade from 2.1.15 to 2.1.13 possible ?

2012-10-29 Thread Torsten Giebl
Hello ! Is a downgrade from Mailman 2.1.15 to 2.1.13 possible ? I know downgrades are not officially supported. If it is possible, what do I have to do ? Thanks.