Hi mailman-users,

So you know, it looks like there is a vulnerability with Mailman
2 where a third party can very aggressively spoof password reminder,
unsubscription, or other requests using the web interface, queueing
tens of thousands of unsolicited messages to any given subscriber.

Worse, if this is done to a user of Gmail or Yahoo, the receiving
hosts may block the mailserver’s IP address generally, preventing the delivery
of legitimate list content to other subscribers using the same
provider.

There should probably be a rate limit on the web interface, although I
understand Mailman 2 is no longer developed.
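
A sketch of the kind of rate limit suggested above, added here as an example; it is not code from the post or from Mailman. The class and function names, the thresholds and the sample addresses are all hypothetical. It counts each mail-triggering request against both the client IP and the subscriber address that would receive the message, so the per-recipient cap still holds when requests arrive from many sources.

```python
import time
from collections import defaultdict, deque


class RequestLimiter:
    """Sliding-window limiter keyed on client IP and on recipient address."""

    def __init__(self, per_client=5, per_recipient=3, window=3600.0, clock=time.monotonic):
        # Thresholds are assumed values; tune them to the list's real traffic.
        self.limits = {"client": per_client, "recipient": per_recipient}
        self.window = window
        self.clock = clock
        self.events = defaultdict(deque)  # (kind, value) -> timestamps

    def _recent(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop events that have aged out of the window
        return q

    def allow(self, client_ip, recipient):
        """Return True if the request may send mail, and record it if so."""
        now = self.clock()
        keys = [("client", client_ip), ("recipient", recipient.strip().lower())]
        queues = [self._recent(k, now) for k in keys]
        if any(len(q) >= self.limits[k[0]] for k, q in zip(keys, queues)):
            return False  # denied requests are not recorded
        for q in queues:
            q.append(now)
        return True


def simulate(requests, **limits):
    """Replay (timestamp, client_ip, recipient) tuples; return the decisions."""
    now = [0.0]
    limiter = RequestLimiter(clock=lambda: now[0], **limits)
    decisions = []
    for ts, ip, rcpt in requests:
        now[0] = ts
        decisions.append(limiter.allow(ip, rcpt))
    return decisions


# Constructed sample: 6 reminder requests for one subscriber, each from a
# different documentation-range IP, then one more after the window expires.
SAMPLE = [(i * 10.0, "192.0.2.%d" % (i + 1), "victim@example.org") for i in range(6)]
SAMPLE.append((3700.0, "192.0.2.99", "Victim@example.org"))
```
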
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org