Re: [Mailman-Users] Mailman Security

Thu, 19 Jan 2017 13:32:18 -0800 

On 01/19/2017 11:35 AM, Odhiambo Washington wrote:
> On 19 January 2017 at 21:22, Mark Sapiro <m...@msapiro.net> wrote:
>>
>> Look at some of the hits from searching at
>> <http://www.mail-archive.com/mailman-users%40python.org/> for
>> global_ban_list.
>>
> 
> 
> Seen that. Usable, but not everything, given that some addresses on my list
> are well-known free mail providers.


You don't want to block entire domains. You want to use regexps that are
tailored to the attacks you are seeing. This means you can't be
proactive in blocking attacks in advance, but if you run some kind of
Mailman log summary such as the mmdsr program distributed with Mailman
in the contrib/ directory, you'll see attacks within a day of when they
start and can react. Some patterns I have used that have been effective
against past attacks are:

  '^[a-z0-9.]{8,}\+[a-z0-9]{4,}@gmail\.com$',
  '^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
  '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
  '^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',

Also, there is a script at <https://www.msapiro.net/scripts/erase>
(mirrored at <https://fog.ccsf.edu/~msapiro/scripts/erase>) that is
described as:

Remove an address or all addresses matching a regexp from the
installation. I.e. for every list, if the address is a member, it is
removed. If there are any held posts or (un)subscription requests from
the address, they are removed too. Optionally, any subscription requests
from the address waiting user confirmation are also removed.

that can be used to remove the successful ones.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to