On 3/5/21 9:31 AM, jor...@gmail.com wrote:
currently we get inundated with abuse complaint mails because our
mailman instance is targeted by spambots who for whatever reason try to
subscribe to the lists at our side with addresses belonging to someone
else, and when mailman sends out the confirmation email, this is
considered spam by the recipient and occasionally reported as abuse.
Athttps://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html
I found the hint that in /etc/mailman/mm_cfg.py, one should set
SUBSCRIBE_FORM_SECRET to a random string which will trigger mailman to
embed aCSRF tokeninto the subscription form.
This, unfortunately hasn't helped. The abuse mail complaints kept
coming.
On the same page I found the note that you can also embed a captcha.
However I have not found instructions on how to do this.
If this is really the case, could somebody give me a link to where I
can find the instructions?
Depending upon what version of Mailman 2 you are running, you can add
the following to your mailman_install_dir/Mailman/mm_cfg.py
BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
RECAPTCHA_SITE_KEY = "recaptcha site key"
RECAPTCHA_SECRET_KEY = "recaptcha secret key"
What version of Mailman 2 are you running?
--
Brian Carpenter
Harmonylists.com
Emwd.com
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/
