On 01/12/2016 01:18 AM, Andrew Daviel wrote:
>
> In the last few days we've seen several thousand bogus subscription
> requests for various lists we host, sent through the web interface. They
> seem to mostly originate in China.
>
> We see log entries such as /var/log/mailman/subscribe
> Jan 11 20:50:30 2016 (27666) grsi-users: pending
> hellocatboots+80339...@gmail.com 221.178.182.31
> and in the webserver logs
> 221.178.182.31 - - [10/Jan/2016:03:27:18 -0800] "POST
> /mailman/subscribe/grsi-users HTTP/1.1" 200
>
> I'm not sure what the point is - a DoS attack on a few users, perhaps. I
> see that gmail gives you infinite aliases, so that
> hellocatboots+80339132 is the same as hellocatboots+96529...@gmail.com

There are threads on this in the archives of this list. See threads
containing the posts
<https://mail.python.org/pipermail/mailman-users/2015-September/079829.html>
and
<https://mail.python.org/pipermail/mailman-users/2015-September/079844.html>
and perhaps the thread starting at
https://mail.python.org/pipermail/mailman-users/2015-September/079855.html.

For the @python.org lists, we use the regexp

'^.*\+.*\d{3,}@'

in the newly implemented, not yet released GLOBAL_BAN_LIST to ban all
addresses with a '+' followed by anything followed by at least 3 digits
up to the '@'. Read
<https://mail.python.org/pipermail/mailman-users/2015-September/079844.html>
for more on that. It's been effective so far.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
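
Added example (not part of the original posts and not Mailman's own code): the regexp quoted above, run over "pending" lines in the subscribe log layout shown in the question, to see which requests it would ban and which mailbox they pile up on. The sample lines are constructed, the function names are hypothetical, and applying the pattern with `re.search` and `re.IGNORECASE` is an assumption about how the ban list evaluates it.

```python
import re
from collections import Counter

# Pattern quoted in the reply above. Using re.search with re.IGNORECASE
# is an assumption about how the ban list applies it.
BAN_RE = re.compile(r'^.*\+.*\d{3,}@', re.IGNORECASE)

# Layout of a "pending" line in /var/log/mailman/subscribe, as quoted above:
# <timestamp> (<pid>) <list>: pending <address> <ip>
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]+ \d{4}) \(\d+\) (?P<list>[^:]+): '
    r'pending (?P<addr>\S+) (?P<ip>\S+)$')

# Constructed sample lines (documentation domains and IP ranges).
SAMPLE_LOG = """\
Jan 11 20:50:30 2016 (27666) grsi-users: pending target+80339132@example.com 203.0.113.7
Jan 11 20:50:31 2016 (27666) grsi-users: pending target+96529417@example.com 203.0.113.7
Jan 11 20:50:33 2016 (27667) announce: pending TARGET+5550001@example.com 203.0.113.9
Jan 11 21:02:10 2016 (27670) grsi-users: pending alice+lists@example.org 198.51.100.4
Jan 11 21:05:44 2016 (27671) grsi-users: pending bob123@example.org 198.51.100.5
Jan 11 21:09:02 2016 (27672) grsi-users: pending carol+pycon2016@example.org 198.51.100.6
"""

def is_banned(addr):
    """True if the address has a '+' followed by 3 or more digits before '@'."""
    return BAN_RE.search(addr) is not None

def base_address(addr):
    """Drop the +tag so aliases of one mailbox collapse together."""
    local, _, domain = addr.rpartition('@')
    return (local.split('+', 1)[0] + '@' + domain).lower()

def summarize(log_text):
    """Return (banned addresses, Counter of banned requests per mailbox)."""
    banned, per_mailbox = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_banned(m.group('addr')):
            banned.append(m.group('addr'))
            per_mailbox[base_address(m.group('addr'))] += 1
    return banned, per_mailbox

if __name__ == '__main__':
    banned, per_mailbox = summarize(SAMPLE_LOG)
    for mailbox, n in per_mailbox.most_common():
        print(n, mailbox)
```

The pattern also matches a tag such as `carol+pycon2016`, so a legitimate plus-address that ends in three or more digits is banned along with the bogus ones.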