On 2020-08-19 18:24:30 (+0800), Andreas Schamanek via mailop wrote:
On Wed, 19 Aug 2020, at 09:51, Andy Smith via mailop wrote:
Since yesterday I've been seeing a large number of attempted
subscriptions to all the public lists on one of my Mailman servers.
(...)
I can confirm this for my servers from top to end including some of
the hashes.
BTW, Mailman mm_cfg.py option `SUBSCRIBE_FORM_SECRET` apparently
mitigates the DoS, too.
We've also had some success in the past with raising
SUBSCRIBE_FORM_MIN_TIME. It may catch out some legitimate subscribers
with short email addresses (and/or who type quickly) but we've never
heard anyone complain.
Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
