Re: [Mailman-Users] Spam Subscriptions

2018-06-02 Thread Jim Popovitch via Mailman-Users 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Sat, 2018-06-02 at 20:50 -0700, Mark Sapiro wrote:
> Are they just script kiddies trying to be noticed or are they
> actually trying to accomplish something.

I don't think they know what potential they have, but they know there
has to be something worth building a collection for.  I'm fairly
confident that they've achieved some level of non-moderated
subscriptions on some lists, the question is what do they intend to do
with that megaphone.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlsTaagACgkQJxVetMRa
JwUguA/8DdKmlfjve8q8I7RyAUq3c2FwHfmsrn4iph7cdjs+kek/6dI5Vi59A11n
ctvkbZkzCBrLwJH1T2nSZkeQ0jNbVcScCX4Iy8nscjUhU+k7Rq4E46kZbkzIzCVl
nCzhi4HEgiDv3wFCxNThBFYBxJPH8yiHIaIne4B324Q62ZordzR2KRKkoOGefU/w
wtCmUlLujvyeW1QGbBxQO5b5B9hwCwsu9izqtsS0evu+fV9uNF74Eu9J/XT82dQR
qRc+g3pDTdwMo71HLMxsY5mrZ1ZRBe0z4sSN2baDe3mr4yy2X+ebNZbPms4g7GaA
TV9vmxWDV4+SPlHLXfauD21ByTGC98GeNMaOOHsaBLiZ9CGQ41GtAsSzuR7xqmqb
PzPx/tui8bXvL+Yt6GXZq9qLBcQVeQxO3OSoYrsJt8I0+XNqtU8z/UzEoaEoqxrF
ZFXypa/+bPavINNW5h4jSCAvtT+QJso501N4HzGG/pGbWvI8+6Q80nXFB5PqFrCp
NNEAAfZmNZtsqm4nMYG65lcsmB2d3t/KpLWz9yB3y2uZWZUD0Hh/2Tet8zIrfMCT
p7sigLH0gbjaCR5dcsXoyiQoXQAraubG/D/LJ5yEhrBIuM4QLllAbqUwnqLkFu+A
S/TLW0uext7nL1HnhzRa4w/MXwme8LRF31UoDsh1hdIxiRjAYA0=
=YSGk
-END PGP SIGNATURE-

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam Subscriptions

2018-06-02 Thread David Andrews 

At 10:29 PM 6/2/2018, Mark Sapiro wrote:

On 06/02/2018 06:55 PM, David Andrews wrote:
>
> Does anyone have any solution for dealing with spam subscriptions from
> gmail
> addresses?
> The requests are coming from random addresses that contain a few words, a
> plus sign, then another random string of characters.


I use this regexp in the GLOBAL_BAN_LIST

^[0-9a-z.]{8,}\+[0-9a-z]{4,}@gmail\.com$

That blocks subscribe attempts from any address which is 8 or more
letters, digits and periods followed by a plus followed by 4 or more
letters and digits @gmail.com.

Recently, I've seen some with only 6 letters before the + so you might
reduce {8,} to {6,}. I think I'll try that too.

I also have

^.*\+.*\d{3,}@

which blocks anything with a + followed by anything ending in 3 or more
digits. Scanning the membership of all the Mailman 2.1 lists @python.org
(over 132K addresses) shows only 10 matches 4 of which were members of
the python-3...@python.org with addresses .*+python-3000@.* and the
other 6 were nabble.com or googlegroups.com, so it's very unlikely that
legitimate regular subscribers will match that.

The advantage of the global ban list for this is all the ones I've seen
are web subscribes. This blocks them with a web response and doesn't
send any confirmation email.



Thanks very much -- we are trying it!

You always have the answer -- thanks!

Dave




> We are getting hundreds of held subscription messages per day. Is blocking
> this kind of thing through Exim an option? We are using cpanel.


If these as I've seen are all web subscribes, the only thing you could
do in Exim is drop the outgoing confirmation email, but banning them
stops the subscribe attempt before any mail is sent.



---
This email has been checked for viruses by AVG.
https://www.avg.com

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam Subscriptions

2018-06-02 Thread Mark Sapiro 
I have a different question.

For a few weeks now the Mailman 2.1 lists @python.org have seen a
massive number of web subscribes from addresses @yahoo.com and @aol.com
addresses. The aol.com ones seem to have abated but yahoo.com continues.
They mostly have local parts that look like first and last names and
display names that don't match the local part name. I implemented
reCAPTCHA on the listinfo subscribe forms and that didn't seem to slow
them down. Also, at first at least some of the subscriptions waiting
user confirmation were being confirmed, some by email and some by web.

I have resorted to scraping Mailman's logs with an hourly cron looking
for subscribes and attempts and when it find 4 or more for a single
address, it uses my erase script to remove them.

This seems to slow down on weekends and pick up during the week.

My question is does anyone have a clue as to who might be doing this and
what they are trying to accomplish. As far as I know, even when they've
succeeded in subscribing, they don't try to post.

Are they just script kiddies trying to be noticed or are they actually
trying to accomplish something.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam Subscriptions

2018-06-02 Thread Mark Sapiro 
On 06/02/2018 06:55 PM, David Andrews wrote:
> 
> Does anyone have any solution for dealing with spam subscriptions from
> gmail
> addresses?
> The requests are coming from random addresses that contain a few words, a
> plus sign, then another random string of characters.


I use this regexp in the GLOBAL_BAN_LIST

^[0-9a-z.]{8,}\+[0-9a-z]{4,}@gmail\.com$

That blocks subscribe attempts from any address which is 8 or more
letters, digits and periods followed by a plus followed by 4 or more
letters and digits @gmail.com.

Recently, I've seen some with only 6 letters before the + so you might
reduce {8,} to {6,}. I think I'll try that too.

I also have

^.*\+.*\d{3,}@

which blocks anything with a + followed by anything ending in 3 or more
digits. Scanning the membership of all the Mailman 2.1 lists @python.org
(over 132K addresses) shows only 10 matches 4 of which were members of
the python-3...@python.org with addresses .*+python-3000@.* and the
other 6 were nabble.com or googlegroups.com, so it's very unlikely that
legitimate regular subscribers will match that.

The advantage of the global ban list for this is all the ones I've seen
are web subscribes. This blocks them with a web response and doesn't
send any confirmation email.


> We are getting hundreds of held subscription messages per day. Is blocking
> this kind of thing through Exim an option? We are using cpanel. 


If these as I've seen are all web subscribes, the only thing you could
do in Exim is drop the outgoing confirmation email, but banning them
stops the subscribe attempt before any mail is sent.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam Subscriptions

2018-06-02 Thread David Andrews 
A couple months ago I asked a question and got a 
response from Mark Sapiro, see below. We are 
having trouble implementing anything. We are 
trying recaptcha, but it isn't popular with our 
users, thousands of whom are blind. Here is what my Linux guy asks:


Does anyone have any solution for dealing with spam subscriptions from gmail
addresses?
The requests are coming from random addresses that contain a few words, a
plus sign, then another random string of characters. I can't figure out how
we block this without blocking all addresses with plus characters in them,
which is not a good option.
We are getting hundreds of held subscription messages per day. Is blocking
this kind of thing through Exim an option? We are using cpanel.


p.s. The number of messages is causing my ISP to throttle my e-mail!

Dave


At 01:50 PM 2/23/2018, Mark Sapiro wrote:
On 02/23/2018 07:07 AM, David Andrews wrote: > > 
I have just two lists that receive a bunch of 
spam subscribes each day > -- hundreds of them, 
in fact. For some reason -- which is good, they 
are > held, so don't go through, not quite sure 
why.  Two questions -- first > is there a file 
I can erase for each list that will get rid of 
all the > held subscriptions, without breaking 
anything else.  I tried once, and > my 
installation broke -- don't know if it is 
related, but don't want to > try again unless I 
do it right. See the script at 
 
(mirrored at 
). 
This will remove everything for an address or 
addresses that match a regexp. Also for any list 
you can remove the lists/LISTNAME/request.pck 
file, but if there are any held messages for the 
list, they too will disappear from the pending 
requests although the 
data/heldmsg-LISTNAME-nnn.pck file will still be 
there. The best thing is to handle all held 
messages before removing the requests.pck file, 
but there is a script at 
 
(mirrored as above) that can reprocess the 
data/heldmsg-LISTNAME-nnn.pck files or they can 
be removed if not wanted. > Secondly, there is 
some commonality in the subscribe addresses, 
are > there strings I can use to discard the 
subscribes so I never have to see > them. > > 
Below are examples, there is a common word, or a 
common word, a period > ., and another common 
word, then a plus sign + then a 4 5 or 6 
character > word, all alpha, and @gmail.com > 
Here are examples: > > > dragonommz+ > 
jwmidnight+ > nommz.naidoo+ Since Mailman 2.1.21 
there is a GLOBAL_BAN_LIST. See 
 
for a bit on how to use this. You will find more 
in the archives from this Google search 
 
Also, if you haven't done so, set 
SUBSCRIBE_FORM_SECRET to some string unique to 
your site. Both the above are mm_cfg.py 
settings. Also, I don't know when cPanel will 
upgrade to Mailman 2.1.26 but it contains an 
ability to enable reCAPTCHA on the listinfo page 
subscribe form. > Finally, I know it is probably 
too late in the Mailman2 cycle to get a > new 
feature, but in the web UI, it would be nice if 
you could delete all > deferred 
subscriptions.  You can do so with deferred 
messages, that are > held, but not 
subscriptions. If someone wants to do it, I'd 
accept a merge request, but I'm not likely to do 
it myself -- Mark Sapiro 
The highway is for 
gamblers, San Francisco Bay Area, 
Californiabetter use your sense - B. Dylan 
-- 
Mailman-Users mailing list 
Mailman-Users@python.org 
https://mail.python.org/mailman/listinfo/mailman-users 
Mailman FAQ: http://wiki.list.org/x/AgA3 
Security Policy: http://wiki.list.org/x/QIA9 
Searchable Archives: 
http://www.mail-archive.com/mailman-users%40python.org/ 
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/dandrews%40visi.com



---
This email has been checked for viruses by AVG.
https://www.avg.com

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] "Freezing" mailing list

2018-06-02 Thread Tatsuo Ishii 
> Hi,
> 
> Though already it has been resolved, JFYI.
> 
> On 05/29/18 23:20, Tatsuo Ishii wrote:
>> I would like to "freeze" an existing mailing list: I want to keep the
>> mailing list but I want no one newly subscribe the list.
> 
> I've implemented new list's subscribe_policy 'forbid' for this
> purpose.
> https://code.launchpad.net/~futatuki/mailman/2.1-forbid-subscription
> 
> (patch against latest mailman:
> https://mm.poem.co.jp/mailman-jp/forbid-subscription-r1762-patch.txt )

Thank you for letting know me your work. I myself is not a mailman
admin but I will forward this to our admin so that he could think
about employig the patch.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] "Freezing" mailing list

2018-06-02 Thread Yasuhito FUTATSUKI 

Hi,

Though already it has been resolved, JFYI.

On 05/29/18 23:20, Tatsuo Ishii wrote:

I would like to "freeze" an existing mailing list: I want to keep the
mailing list but I want no one newly subscribe the list.


I've implemented new list's subscribe_policy 'forbid' for this purpose.
https://code.launchpad.net/~futatuki/mailman/2.1-forbid-subscription

(patch against latest mailman:
https://mm.poem.co.jp/mailman-jp/forbid-subscription-r1762-patch.txt )

With 'forbid' subscribe_policy,
* it hide subscription form on list's listinfo page (by using new
  template listinfo_nosubscribe.html).
* it reject all subscription request from users via Web UI and via email.
* following operations are still allowed, inspite of ban_lists rule
  to prevent any email address to subscribe doesn't allow them.
- changing email address of users already subscribing both by users
  themselves operations and by list owners.
- adding new member via operations by list owner or site owner.

On the other hand, the things to be worse,
* this breakes translations of some conpicious message by modification.
  (this is one reason why this modification won't be merged into
   upstream)
* it also is needed to prepare new translated template for listinfo
  page without subscription form, for all languages used by lists
  (otherwise, fall back to English template if 'forbid' policy is
  choosed)
* new value for subscribe_policy 4 as 'forbid' may conflict with
  future release of mailman 2.1 and already this value is
  incompatible with current version. (to migrate list config data
  file from modified version to upstream, make sure its
  subscribe_policy should be other than 'forbid')

--
Yasuhito FUTATSUKI 
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org