On Thu Jan 09 08:20:26 2014, [email protected] wrote:

> Would it be possible to automatically discard subscription requests
> from emails that are already in the queue?

I've been digging a bit about this recently but it seems Mailman not including a 
captcha on the subscription form has been the cause of the huge spam we're 
receiving lately. Subscribing to a mailing list is as easy as sending a POST to 
one of the hosted mailing lists and providing a fake email and password and 
triggering the subscription process. This obviously can be achieved by 
generating multiple POST requests with a bot that generates a fake email and a 
random password and connects to our mailman installation.

After a first look at the configuration of the release-team mailing list it 
seems 'subscription_policy' is set to be 'Approval' which means you will be 
triggered by any fraudulent subscription request the list will receive. Given 
the bots won't be able to verify their confirmation email, moving the 
subscription_policy to 'Confirm and Approve' will fix the problem for the list. 
I did the change myself now, hopefully Mailman 3 will bring some more tools to 
prevent these kinds of issues.

-- 
Andrea,
GNOME Sysadmin
GNOME Accounts Team
GNOME Membership & Elections Committee Chairman


----------------------------------------------------
This message was sent via GNOME.org Request Tracker.
_______________________________________________
gnome-infrastructure mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
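
Added example, not part of the original message or of Mailman: one way to spot the automated subscription POSTs described above in a web server access log. It assumes Apache combined log format and the Mailman 2.1 CGI path /mailman/subscribe/<list>; the log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jan/2014:08:00:01 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "-"
203.0.113.7 - - [09/Jan/2014:08:00:09 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "-"
198.51.100.20 - - [09/Jan/2014:08:00:12 +0000] "POST /mailman/subscribe/gnome-infrastructure HTTP/1.1" 200 2290 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jan/2014:08:00:20 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "-"
203.0.113.7 - - [09/Jan/2014:08:00:31 +0000] "GET /mailman/listinfo/release-team HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [09/Jan/2014:08:00:44 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "-"
192.0.2.9 - - [09/Jan/2014:08:00:00 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
192.0.2.9 - - [09/Jan/2014:08:15:00 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
192.0.2.9 - - [09/Jan/2014:08:30:00 +0000] "POST /mailman/subscribe/release-team HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
"""

# Only POSTs to the subscribe endpoint are of interest; GETs are ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /mailman/subscribe/(?P<list>[^/ ?"]+)[^"]*"'
)

def subscribe_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {(ip, list): peak POST count inside any sliding window}
    for every pair whose peak reaches the threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits[(m.group("ip"), m.group("list"))].append(ts)
    flagged = {}
    for key, stamps in hits.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans <= `window`.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

if __name__ == "__main__":
    for (ip, mlist), count in subscribe_bursts(SAMPLE_LOG).items():
        print(f"{ip} sent {count} subscribe POSTs to {mlist} within 5 minutes")
```
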
