Karl Berry wrote:
>
> The above mailman-users thread refers to using fail2ban. This sounds
> sensible. Does anyone have a working fail2ban filter they can share
> for this?
Just one more thing on this. In the case of the attacks I've seen on
mail.python.org, fail2ban is unlikely to help much
On 7/29/21 3:05 PM, Karl Berry wrote:
Thanks Mark! I've been using the mailman from my distro, which is (sigh)
older. I'll look into going back to installing mailman from scratch, as
I've done before.
We have information about upgrading a Debian/Ubuntu package from source
at
Thanks to everyone for the great replies.
davidg> I have it set up, but it's not very sophisticated ...
failregex = .*\/\s+-\s+-\s+\[.*\]\s+"POST\s+\/mailman\/subscribe
It's just looking for repeated subscribe attempts.
Thanks David! What are you using for maxretry, findtime,
On 7/29/21 11:29 AM, Mark Sapiro wrote:
On 7/28/21 2:24 PM, Karl Berry wrote:
2) At least in my cases, the floods try to subscribe the same address
over and over (and over and ...). It occurs to me that mailman could
silently discard a request to subscribe an address f...@bar.com if
On 7/28/21 2:24 PM, Karl Berry wrote:
I've mitigated the current attack, but it's happened before and will
happen again. I'm already using SUBSCRIBE_FORM_SECRET. I also saw Mark's
patch in the thread above to disable subscriptions for a particular
list, which is helpful.
Beginning with
On 7/28/21 4:24 PM, Karl Berry wrote:
1) The above mailman-users thread refers to using fail2ban. This sounds
sensible. Does anyone have a working fail2ban filter they can share
for this?
I have it set up, but it's not very sophisticated ...
failregex =
On 07/28/21 15:24, Karl Berry wrote:
> 2) At least in my cases, the floods try to subscribe the same address
> over and over (and over and ...). It occurs to me that mailman could
> silently discard a request to subscribe an address f...@bar.com if
> f...@bar.com already has a pending subscription