On 08/08/2017 10:22 AM, David Gibbs wrote: > > Anyone else noticing a distributed mass subscribe attack going on their > lists? > > I've noticed a massive number of attempts a small subset of email > addresses, with modifiers ([email protected]), going on. > > It appears the address is valid ... so it appears to be some kind of hit > job to flood someone's inbox. > > Luckily the address's are trivial to block using 'ban_list'.
I've seen this on mail.python.org in the past but not recently. Both the form you mention and a [email protected] form with dots interspersed in the local part (which gmail ignores). I agree that it appears to be some kind of hit job to flood someone's inbox. It is this kind of attack that motivated the GLOBAL_BAN_LIST feature in MM 2.1.21. What I've seen recently is massive non-member posts in chinese to [email protected] from addresses of the form [email protected] and some at 163.com. After waking up to 2000+ held message notifications a while back, I now block these with a Postfix header_checks rule /^From:.*<.*[0-9]{4}.*@(qq|163)\.com>/ REJECT Go away you F*ing mail bomber I am still seeing a few from various @163.com addresses, but I am now (temporarily?) discarding non-member posts, so I only see them in logs if I look. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
