Re: [Mailman-Users] Message not accepted for policy reasons

2017-08-17 Thread Radwa Hamed
Thank you very much for the reply; that was exactly what I'm looking for.
I just had to upgrade Mailman to 2.1.18 to find these options.



On 19/07/2017 at 16:45, Mark Sapiro wrote:

> On 07/19/2017 06:23 AM, Radwa Hamed wrote:
>> is there a way to change the sender address to our
>> domain which permits our ip as sender , while keeping the reply to
>> address that of the original sender , so that the sender would be known
>> to others
>
> See 
>
> In Mailman 2.1.18+ setting Privacy options... -> Sender filters ->
> dmarc_moderation_action to "Munge From" will do exactly what you ask.



--
Engineer Radwa Hamed
Local Technical Manager of the Campus Numérique Francophone (CNF) of the Agence
Universitaire de la Francophonie (AUF) at Université Senghor
Department of Distance Learning (FAD) & Information and Communication
Technologies for Education (TICE)
1, Place Ahmed Orabi, EL Mancheya
BP 415, 2 Alexandrie - Egypte
Tel: ++ 203 482 99 59

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] Distributed mass subscribe attack?

2017-08-17 Thread David Gibbs

On 8/8/2017 12:22 PM, David Gibbs wrote:
> Anyone else noticing a distributed mass subscribe attack going on
> their lists?
>
> I've noticed a massive number of attempts a small subset of email
> addresses, with modifiers (address+modif...@example.com), going on.
>
> It appears the address is valid ... so it appears to be some kind of
> hit job to flood someone's inbox.


FWIW: I did a bit of hacking (super simple) and think I've found a way to 
thwart the attempt (at least on my server).

It appears that the bot that's doing the attack first gets the subscribe form, 
so it can retrieve the sub_form_token value, before it does a POST to do the 
subscribe.

I changed the subscribe & listinfo scripts to use a different name for the 
sub_form_token field.  Something unique to my system.

I've seen a lot of GETs & POSTs from the hosts that were doing the attack and 
no subscribes logged.

david



--
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding a metric century (100 km / 65 miles) in the American Diabetes 
Association's Tour de Cure to raise money for diabetes research, education, 
advocacy, and awareness.  You can make a tax deductible donation to my ride by 
visiting http://gmane.diabetessucks.net.  My goal is $6000 but any amount is 
appreciated.

You can see where my donations come from by visiting my interactive donation 
map ... http://gmane.diabetessucks.net/map (it's a geeky thing).

I may have diabetes, but diabetes doesn't have me!



Re: [Mailman-Users] Distributed mass subscribe attack?

2017-08-17 Thread Andy Cravens
On 8/8/2017 12:22 PM, David Gibbs wrote:
> Anyone else noticing a distributed mass subscribe attack going on
> their lists?
> 
> I've noticed a massive number of attempts a small subset of email
> addresses, with modifiers (address+modif...@example.com), going on.
> 
> It appears the address is valid ... so it appears to be some kind of
> hit job to flood someone's inbox.

"FWIW: I did a bit of hacking (super simple) and think I've found a way to 
thwart the attempt (at least on my server).

It appears that the bot that's doing the attack first gets the subscribe form, 
so it can retrieve the sub_form_token value, before it does a POST to do the 
subscribe.

I changed the subscribe & listinfo scripts to use a different name for the 
sub_form_token field.  Something unique to my system."




I have the same issues.  Thank you for the info above.  I’m also working on a 
patch for reCaptcha V2.  Don’t know if I’ll have it done this month.

—
Andy


Re: [Mailman-Users] Distributed mass subscribe attack?

2017-08-17 Thread Andy Cravens
> On 8/8/2017 12:22 PM, David Gibbs wrote:
>> Anyone else noticing a distributed mass subscribe attack going on
>> their lists?
>>
>> I've noticed a massive number of attempts a small subset of email
>> addresses, with modifiers (address+modif...@example.com), going on.
>>
>> It appears the address is valid ... so it appears to be some kind of
>> hit job to flood someone's inbox.
>
> FWIW: I did a bit of hacking (super simple) and think I've found a way to
> thwart the attempt (at least on my server).
>
> It appears that the bot that's doing the attack first gets the subscribe form,
> so it can retrieve the sub_form_token value, before it does a POST to do the
> subscribe.
>
> I changed the subscribe & listinfo scripts to use a different name for the
> sub_form_token field.  Something unique to my system.
>
> I've seen a lot of GETs & POSTs from the hosts that were doing the attack and
> no subscribes logged.
>
> david




David,

I forgot to mention I’m also working on a modsecurity rule to look at all POSTs 
and reject if they contain an email address with a + sign.

—
Andy
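
The pattern described in this thread (a small set of addresses, each submitted with many different `+` modifiers from many hosts) can be identified from a record of subscribe attempts, which lets a list admin tell targeted addresses apart from ordinary plus-addressed subscribers. This is an added example, not code from the thread or from Mailman; the log layout, sample records and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not real log data): "<timestamp> <source IP> <address>".
# The layout is an assumption; adapt LINE_RE to however subscribe attempts are logged.
SAMPLE_LOG = """\
2017-08-08T12:22:01 203.0.113.5 victim+a1b2@example.com
2017-08-08T12:22:03 198.51.100.7 victim+zz91@example.com
2017-08-08T12:22:04 192.0.2.44 Victim+q7@example.com
2017-08-08T12:22:09 203.0.113.80 victim+a1b2@example.com
2017-08-08T12:23:10 198.51.100.23 alice+lists@example.org
2017-08-08T12:24:30 192.0.2.9 bob@example.net
2017-08-08T12:25:02 192.0.2.61 victim+m3@example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+@\S+)$")


def split_subaddress(address):
    """Return (base_address, tag); tag is None when there is no '+' modifier."""
    local, _, domain = address.rpartition("@")
    base_local, plus, tag = local.partition("+")
    return f"{base_local}@{domain}".lower(), (tag if plus else None)


def find_targets(log_text, min_tags=3, min_hosts=3):
    """Flag base addresses hit with many distinct modifiers from many distinct hosts."""
    tags = defaultdict(set)
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _, ip, address = m.groups()
        base, tag = split_subaddress(address)
        if tag is None:
            continue  # plain addresses are not part of this pattern
        tags[base].add(tag.lower())
        hosts[base].add(ip)
    return {
        base: {"tags": len(tags[base]), "hosts": len(hosts[base])}
        for base in tags
        if len(tags[base]) >= min_tags and len(hosts[base]) >= min_hosts
    }


if __name__ == "__main__":
    for base, stats in find_targets(SAMPLE_LOG).items():
        print(f"{base}: {stats['tags']} modifiers from {stats['hosts']} hosts")
```

The thresholds are arbitrary defaults; a single subscriber using one `+` tag (like the constructed `alice+lists` record) stays below them and is not flagged.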