On 01/19/2017 11:35 AM, Odhiambo Washington wrote: > On 19 January 2017 at 21:22, Mark Sapiro <m...@msapiro.net> wrote: >> >> Look at some of the hits from searching at >> <http://www.mail-archive.com/mailman-users%40python.org/> for >> global_ban_list. >> > > > Seen that. Usable, but not everything, given that some addresses on my list > are well-known free mail providers.
You don't want to block entire domains. You want to use regexps that are tailored to the attacks you are seeing. This means you can't be proactive in blocking attacks in advance, but if you run some kind of Mailman log summary such as the mmdsr program distributed with Mailman in the contrib/ directory, you'll see attacks within a day of when they start and can react. Some patterns I have used that have been effective against past attacks are: '^[a-z0-9.]{8,}\+[a-z0-9]{4,}@gmail\.com$', '^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com', '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com', '^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com', Also, there is a script at <https://www.msapiro.net/scripts/erase> (mirrored at <https://fog.ccsf.edu/~msapiro/scripts/erase>) that is described as: Remove an address or all addresses matching a regexp from the installation. I.e. for every list, if the address is a member, it is removed. If there are any held posts or (un)subscription requests from the address, they are removed too. Optionally, any subscription requests from the address waiting user confirmation are also removed. that can be used to remove the successful ones. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org