Dear all, currently we get inundated with abuse complaint mails because our mailman instance is targeted by spambots who for whatever reason try to subscribe to the lists at our side with addresses belonging to someone else, and when mailman sends out the confirmation email, this is considered spam by the recipient and occasionally reported as abuse.
At https://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html I found the hint that in /etc/mailman/mm_cfg.py, one should set SUBSCRIBE_FORM_SECRET to a random string which will trigger mailman to embed aCSRF tokeninto the subscription form. This, unfortunately hasn't helped. The abuse mail complaints kept coming. On the same page I found the note that you can also embed a captcha. However I have not found instructions on how to do this. If this is really the case, could somebody give me a link to where I can find the instructions? Thanks so much! Johannes P.S.: I guess, mailman3 has better spam protection, but up to now, I have been too intimidated to actually do it... ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
