A couple months ago I asked a question and got a response from Mark Sapiro, see below. We are having trouble implementing anything. We are trying recaptcha, but it isn't popular with our users, thousands of whom are blind. Here is what my Linux guy asks:

Does anyone have any solution for dealing with spam subscriptions from gmail
addresses?
The requests are coming from random addresses that contain a few words, a
plus sign, then another random string of characters. I can't figure out how
we block this without blocking all addresses with plus characters in them,
which is not a good option.
We are getting hundreds of held subscription messages per day. Is blocking
this kind of thing through Exim an option? We are using cpanel.


p.s. The number of messages is causing my ISP to throttle my e-mail!

Dave


At 01:50 PM 2/23/2018, Mark Sapiro wrote:
On 02/23/2018 07:07 AM, David Andrews wrote: > > I have just two lists that receive a bunch of spam subscribes each day > -- hundreds of them, in fact. For some reason -- which is good, they are > held, so don't go through, not quite sure why. Two questions -- first > is there a file I can erase for each list that will get rid of all the > held subscriptions, without breaking anything else. I tried once, and > my installation broke -- don't know if it is related, but don't want to > try again unless I do it right. See the script at <https://www.msapiro.net/scripts/erase> (mirrored at <https://fog.ccsf.edu/~msapiro/scripts/erase>). This will remove everything for an address or addresses that match a regexp. Also for any list you can remove the lists/LISTNAME/request.pck file, but if there are any held messages for the list, they too will disappear from the pending requests although the data/heldmsg-LISTNAME-nnn.pck file will still be there. The best thing is to handle all held messages before removing the requests.pck file, but there is a script at <https://www.msapiro.net/scripts/hold_again> (mirrored as above) that can reprocess the data/heldmsg-LISTNAME-nnn.pck files or they can be removed if not wanted. > Secondly, there is some commonality in the subscribe addresses, are > there strings I can use to discard the subscribes so I never have to see > them. > > Below are examples, there is a common word, or a common word, a period > ., and another common word, then a plus sign + then a 4 5 or 6 character > word, all alpha, and @gmail.com > Here are examples: > > > dragonommz+ > jwmidnight+ > nommz.naidoo+ Since Mailman 2.1.21 there is a GLOBAL_BAN_LIST. See <https://mail.python.org/pipermail/mailman-users/2018-January/082905.html> for a bit on how to use this. You will find more in the archives from this Google search <https://www.google.com/search?q=site%3Amail.python.org+inurl%3Amailman-users+%22global_ban_list%22> Also, if you haven't done so, set SUBSCRIBE_FORM_SECRET to some string unique to your site. Both the above are mm_cfg.py settings. Also, I don't know when cPanel will upgrade to Mailman 2.1.26 but it contains an ability to enable reCAPTCHA on the listinfo page subscribe form. > Finally, I know it is probably too late in the Mailman2 cycle to get a > new feature, but in the web UI, it would be nice if you could delete all > deferred subscriptions. You can do so with deferred messages, that are > held, but not subscriptions. If someone wants to do it, I'd accept a merge request, but I'm not likely to do it myself -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/dandrews%40visi.com


---
This email has been checked for viruses by AVG.
https://www.avg.com

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to