Re: [Mailman-Users] Deleting pending.pck.tmp files

2018-01-18 Thread Mark Sapiro
On 01/18/2018 06:19 AM, João Sá Marta wrote:

> There’s the code of that page that sends a subscription request to one of my 
> mailing lists:
> document.write(“ src=‘http://ml.ci.uc.pt/mailman/subscribe/archport?email="+spam_id+"&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe'
>  width='0' height='0'>");
> 
> I am going to put some apache rewrite rules to prevent this, but I don’t know 
> if this is the best way to prevent that kind of spam.
> 
> Please let me know if you have a better way to deal with this spam.


We have seen some of this in the past. If the subscribed addresses
("+spam_id+" in the above) are such that you can create a regexp to
match them and not match potential real subscribers, you can add such
regexps to GLOBAL_BAN_LIST. Some that we have used in the past are:

^.*\+.*\d{3,}@
^.*@kezukaya\.com$
^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$
^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com
^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com
^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com

Also, you need to set SUBSCRIBE_FORM_SECRET in mm_cfg.py to some string
unique to your site to force a GET of the listinfo page to get a hidden
token that needs to be submitted along with the other data to the
'subscribe' URL. See the documentation of SUBSCRIBE_FORM_SECRET in
Defaults.py.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
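
Added example (not part of the original post and not Mailman's own code): a small Python check that runs the regexps quoted above against sample addresses before they go into GLOBAL_BAN_LIST, reporting spam addresses they miss and real subscribers they would ban. The sample addresses are constructed, and the matching rule used here (entries starting with ^ are case-insensitive regexps, anything else is compared literally) is an assumption about how Mailman 2.1 applies ban entries.

```python
import re

# Regexps quoted in the post above, as candidates for GLOBAL_BAN_LIST.
CANDIDATE_BAN_PATTERNS = [
    r'^.*\+.*\d{3,}@',
    r'^.*@kezukaya\.com$',
    r'^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$',
    r'^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
    r'^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',
    r'^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
]

# Constructed sample addresses (not taken from any real log).
SPAM_SAMPLES = [
    'k.e.z.u.kaya+48213@gmail.com',
    'someone@kezukaya.com',
    'ke.mo.mart.shop@gmail.com',
    'abcdefgh.ijk+20180118@gmail.com',
]
REAL_SAMPLES = [
    'alice@example.org',
    'bob+lists@example.net',        # plus-tag without digits
    'carol.smith1980@gmail.com',
    'dave+2018001@example.edu',     # legitimate plus-tag that ends in digits
]

def first_match(address, patterns):
    """Return the first ban entry that matches address, or None."""
    for pat in patterns:
        if pat.startswith('^'):
            # Assumed Mailman 2.1 behaviour: regexp, case-insensitive search.
            if re.search(pat, address, re.IGNORECASE):
                return pat
        elif pat.lower() == address.lower():
            return pat
    return None

def audit(patterns, spam, real):
    """Return (spam addresses not banned, {real address: pattern banning it})."""
    missed = [a for a in spam if first_match(a, patterns) is None]
    hits = ((a, first_match(a, patterns)) for a in real)
    false_positives = {a: p for a, p in hits if p is not None}
    return missed, false_positives

if __name__ == '__main__':
    missed, false_positives = audit(CANDIDATE_BAN_PATTERNS, SPAM_SAMPLES, REAL_SAMPLES)
    print('spam not banned:', missed)
    print('real subscribers banned:', false_positives)
```

With these samples every spam address is banned, and the broad first pattern also bans the real address with a numeric plus-tag, which is the trade-off to check against your own subscriber list before deploying a pattern.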


Re: [Mailman-Users] Deleting pending.pck.tmp files

2018-01-18 Thread João Sá Marta
Hi Mark,


Thank you for your information. I’ve been using Mailman since 2000. I also 
contributed to Portuguese translation some years ago.

Great software. I have about 500 mailing lists, and have done some integration 
with Mhonarch.


> 
> This is the real Pending database. Its size is way too big. It contains
> the tokens for things like Subscriptions, Unsubscriptions, Held
> messages, etc waiting some kind of confirmation. Requests older than
> PENDING_REQUEST_LIFE (default 3 days) are expunged so it's hard to
> imagine why it is that big.


I guess that’s caused by spam. Looked at my httpd logs and I’ve found a site
(http://www.skyju.cc/mailhzj.html) that is a
spam bomber and it sends subscription requests to 500 mailman lists spread
all over the world.

Just look at the page source of http://www.skyju.cc/mailhzj.html.
One of my mailing lists is listed there.
There’s the code of that page that sends a subscription request to one of my
mailing lists:
document.write(“http://ml.ci.uc.pt/mailman/subscribe/archport?email="+spam_id+"&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe'
 width='0' height='0'>");

I am going to put some apache rewrite rules to prevent this, but I don’t know 
if this is the best way to prevent that kind of spam.

Please let me know if you have a better way to deal with this spam.


Thanks again,



João Maria Montezuma Carvalho de Sá Marta
IT Specialist

Universidade de Coimbra · Administração
SGSIIC – Gestão de Sistemas e Infraestruturas de Informação e Comunicação
Divisão de Sistemas de Informação
Rua Arco da Traição · 3003-056 · Coimbra · Portugal
Tel. | Phone: +351 239 242 885
E-mail joao.sa.ma...@uc.pt

www.uc.pt/administracao


Re: [Mailman-Users] MM3 book in the works

2018-01-18 Thread Stephen J. Turnbull
Besides Rich's forthcoming book, Barry has an existing chapter on
Mailman's architecture in The Architecture of Open Source
Applications, Vol. II (eds. Amy Brown and Greg Wilson).

Tom Browder writes:
 > On Sat, Jan 13, 2018 at 12:07 Rich Kulawiec wrote:

 > > I've been working on a book about mailing list management and usage --
 > > including MTAs, MLMs (such as Mailman), processes, best practices, etc.
 > > The MM material to this point has been MM2-centric, but I've been running
 > > various instances of MM3 and accumulating experience with it.
