Re: [Mailman-Users] Users being unsubscribed without requesting it.

2017-08-19 Thread Steve Wehr 
That's the best theory I have heard so far to explain the facts. 

The user's in question, who are being unsubscribed without asking to be, are
people who like the mailing lists they are on, and would not be flagging
emails from the list as spam. Now their ISP might, but they wouldn't. The
list owners swear to me that these people are friends who want their emails.

Some further info... I was including a link at the bottom of all emails sent
by mailman (in the msg_footer field: 
"Click this link to unsubscribe:
%(user_optionsurl)s?password=%(user_password)s=1=1" 

I thought perhaps users were accidentally clicking this and unsubscribing
themselves, so I have removed the "=1" part of the URL so they
will have to manually confirm.

Maybe this would foil ISPs who are automatically following this link to
unsubscribe people. Do ISPs really do this?

_
Steve Wehr
Tunedin Web Design


-Original Message-
From: Keith Seyffarth [mailto:w...@weif.net] 
Sent: Saturday, August 19, 2017 10:55 AM
To: Steve Wehr
Cc: mailman-users@python.org
Subject: Re: [Mailman-Users] Users being unsubscribed without requesting it.

"Steve Wehr"  writes:



> The problem is that when contacted, these users swear they DID NOT 
> unsubscribe themselves. So how can they be getting unsubscribed (with 
> messages in the logs like the one above) but they are not going to the 
> member options page and unsubscribing??

One possibility would be that they are marking these messages as "Junk"
or "Spam" and their ESP/ISP, either through a manual or automated process,
is following the unsubscribe link in the email to remove them from the
list...

--

from my mac to yours...

Keith Seyffarth
mailto:w...@weif.net
http://www.weif.net/ - Home of the First Tank Guide!
http://www.rpgcalendar.net/ - the Montana Role-Playing Calendar

http://www.miscon.org/ - Montana's Longest Running Science Fiction
Convention

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Users being unsubscribed without requesting it.

2017-08-19 Thread Andy Cravens 
On Aug 19, 2017, at 8:27 AM, Steve Wehr  wrote:


subscribe:Aug 18 00:41:10 2017 (22583) saintsofswing: deleted
dorrainescofi...@gmail.com; via the member options page




Steve, if this was done via the web interface the first thing I would do is get 
the date/timestamp for the log entry “deleted via the member options page.”   
Next, search through your apache logs looking for that same date/timestamp.  
You should be able to find the exact apache access log entry with that date and 
time down to the second where someone submitted the form to remove the user.  
Your apache log should contain the IP address of the client who submitted the 
form.  Finally, look up that IP address to see who owns it.  You could also 
grep for that IP address to get all the access logs for that user to see what 
else they are up to.  This would allow you to track down the client responsible 
for unsubscribing that address.

—
Andy


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Users being unsubscribed without requesting it.

2017-08-19 Thread Keith Seyffarth 
"Steve Wehr"  writes:



> The problem is that when contacted, these users swear they DID NOT
> unsubscribe themselves. So how can they be getting unsubscribed (with
> messages in the logs like the one above) but they are not going to the
> member options page and unsubscribing??

One possibility would be that they are marking these messages as "Junk"
or "Spam" and their ESP/ISP, either through a manual or automated
process, is following the unsubscribe link in the email to remove them
from the list...

-- 

from my mac to yours...

Keith Seyffarth
mailto:w...@weif.net
http://www.weif.net/ - Home of the First Tank Guide!
http://www.rpgcalendar.net/ - the Montana Role-Playing Calendar

http://www.miscon.org/ - Montana's Longest Running Science Fiction Convention
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Users being unsubscribed without requesting it.

2017-08-19 Thread Steve Wehr 
I host about a hundred lists and from time to time the list owners keep
telling me that users are being unsubscribed from the list without asking to
be. Now I assume these users are just being removed for bouncing, but when I
check the mailman log files in /var/log/mailman I see this:

 

subscribe:Aug 18 00:41:10 2017 (22583) saintsofswing: deleted
dorrainescofi...@gmail.com; via the member options page

 

My understanding of "via the member options page" means that that user
unsubscribed themselves from the list. Users who bound have a completely
different set of messages in the logs and it's clear they were removed by
mailman for bouncing.

 

The problem is that when contacted, these users swear they DID NOT
unsubscribe themselves. So how can they be getting unsubscribed (with
messages in the logs like the one above) but they are not going to the
member options page and unsubscribing??

 

Thanks for your help.

 

_

Steve Wehr

Tunedin Web Design  

 

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Distributed mass subscribe attack?

2017-08-19 Thread Richard Shetron 



On 8/18/2017 1:52 PM, Grant Taylor via Mailman-Users wrote:

On 08/18/2017 11:07 AM, Phil Stracchino wrote:

I second this.  It is a legitimate part of compliant email addresses, no
matter how many web stores seem to believe otherwise (or are merely
unaware of it).


I third this.

I love user+detail but HATE that poorly designed web forms balk at +, 
and have been forced to do something else for user+detail like 
functionality.


I also agree with allowing the +.  I run my own mail server and now that 
postfix allows defining more then one tag character, I've added _ so I 
can tag with both + and _.  The sites rejecting RFC compliant addresses 
are very annoying.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org