Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Jim Popovitch via Mailman-Users
On June 5, 2018 1:22:54 AM UTC, Mark Sapiro  wrote:
>On 06/04/2018 05:48 PM, Mark Sapiro wrote:
>> I have applied the attached patch to a couple of installations. We'll
>> see if it helps.
>
>
>I have made this a feature contingent on setting
>
>mm_cfg.BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
>

Thank you very much Mark.  The latest patch (from bzr) applies cleanly and 
there's something new in the vette log already:

Jun 05 04:55:44 2018 (1812) Users banned subscription: i...@bitbroker.co.uk 
from 116.255.35.23 (Spamhaus IP)

Very nice!

Thanks again,

-Jim P.


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Mark Sapiro
On 06/04/2018 06:40 PM, Adam Goldberg wrote:
> Mark - did you consider generalizing the patch a little bit (so it works with 
> Spamhaus, but also with other RBLs)?  Spamhaus is one RBL provider, but there 
> are a bunch (and most of them work the same way).


Yes, I know, but I wanted something simple. I'm actually in the process
of restricting Spamhaus a bit to not include PBL hits because those are
IPs that by policy don't send mail and they're probably not appropriate
for this purpose.

I am trying to do something simple. I certainly don't want to introduce
a complicated configuration option to select RBLs. As time permits, I
may add other lists, but for now I'm just querying Spamhaus ZEN but only
accepting hits from SBL, CSS or XBL.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
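
The policy described in the message above (query Spamhaus ZEN, act only on SBL, CSS or XBL hits, ignore PBL), as an added example that is not Mark's patch or Mailman code. The function names, the `resolve` callable and the sample answers are assumptions made for illustration; the answers are constructed for documentation-range addresses so the block runs without DNS.

```python
import ipaddress
import re

ZEN_ZONE = 'zen.spamhaus.org'

# Spamhaus ZEN return codes and the component list each one stands for.
ZEN_CODES = {
    '127.0.0.2': 'SBL',
    '127.0.0.3': 'CSS',
    '127.0.0.4': 'XBL',
    '127.0.0.5': 'XBL',
    '127.0.0.6': 'XBL',
    '127.0.0.7': 'XBL',
    '127.0.0.10': 'PBL',
    '127.0.0.11': 'PBL',
}

# Policy from the message above: act on SBL, CSS and XBL hits, ignore PBL.
BLOCKING_LISTS = frozenset(['SBL', 'CSS', 'XBL'])

# The test used by the first version of the patch, kept for comparison.
PATCH_REGEX = re.compile(r'127\.0\.0\.\d{1,2}$', re.MULTILINE)


def zen_query_name(ip):
    """Return the ZEN lookup name for an IPv4 address, or None if invalid."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return None
    return '.'.join(reversed(str(addr).split('.'))) + '.' + ZEN_ZONE


def listed_on(answers):
    """Map A-record answers to the set of Spamhaus lists they indicate.

    Anything outside ZEN_CODES (for example the 127.255.255.x error
    codes) is ignored rather than treated as a listing.
    """
    return {ZEN_CODES[a] for a in answers if a in ZEN_CODES}


def should_block(ip, resolve):
    """True if ip is on SBL, CSS or XBL; a PBL-only hit does not block.

    resolve is a hypothetical callable that takes a DNS name and returns
    a list of A-record strings (empty for NXDOMAIN or a failed lookup).
    """
    name = zen_query_name(ip)
    if name is None:
        return False
    return bool(listed_on(resolve(name)) & BLOCKING_LISTS)


def patch_regex_blocks(ip, resolve):
    """What the unrestricted 127.0.0.x regex decides for the same answers."""
    name = zen_query_name(ip)
    if name is None:
        return False
    return bool(PATCH_REGEX.search('\n'.join(resolve(name))))


# Constructed answers for documentation-range addresses (not real listings).
SAMPLE_ZONE = {
    '10.2.0.192.zen.spamhaus.org': ['127.0.0.4'],                # XBL
    '20.100.51.198.zen.spamhaus.org': ['127.0.0.10'],            # PBL only
    '30.113.0.203.zen.spamhaus.org': ['127.0.0.3', '127.0.0.11'],  # CSS + PBL
    '40.113.0.203.zen.spamhaus.org': ['127.255.255.254'],        # error code
}


def sample_resolve(name):
    """Stand-in for a DNS lookup, backed by SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name, [])


if __name__ == '__main__':
    for ip in ('192.0.2.10', '198.51.100.20', '203.0.113.30',
               '203.0.113.40', '203.0.113.99', '2001:db8::1'):
        print(ip,
              'restricted:', should_block(ip, sample_resolve),
              'any 127.0.0.x:', patch_regex_blocks(ip, sample_resolve))
```

The PBL-only address is the case where the two tests disagree: the unrestricted regex would ban it, the restricted policy does not.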


Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Mark Sapiro
On 06/04/2018 05:48 PM, Mark Sapiro wrote:
> I have applied the attached patch to a couple of installations. We'll
> see if it helps.


I have made this a feature contingent on setting

mm_cfg.BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes

and committed it for the next release.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan





Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Mark Sapiro
On 06/04/2018 03:27 PM, Jim Popovitch via Mailman-Users wrote:
> 
> BTW, most of those IPs are listed in the XBL (https://www.spamhaus.org/
> xbl/).  I think I'll work on a patch to block signups from IPs in the
> XBL and domains in the DBL (https://www.spamhaus.org/dbl/)


I just checked against spamhaus ZEN and of the 196 IPs associated with
the banned subscribes I reported earlier in this thread, 168 are listed.

I have applied the attached patch to a couple of installations. We'll
see if it helps.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
=== modified file 'Mailman/MailList.py'
--- Mailman/MailList.py	2018-04-11 09:36:40 +
+++ Mailman/MailList.py	2018-06-05 00:14:20 +
@@ -908,6 +908,13 @@
 syslog('vette', '%s banned subscription: %s%s (matched: %s)',
realname, email, whence, pattern)
 raise Errors.MembershipIsBanned, pattern
+# See if this is from a spamhaus listed IP.
+if remote:
+if Utils.banned_ip(remote):
+whence = ' from %s' % remote
+syslog('vette', '%s banned subscription: %s%s (Spamhaus IP)',
+   realname, email, whence)
+raise Errors.MembershipIsBanned, pattern
 # Sanity check the digest flag
 if digest and not self.digestable:
 raise Errors.MMCantDigestError
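
Review bot: The added branch ends with `raise Errors.MembershipIsBanned, pattern`, but `pattern` is the variable the ban-list check just above uses for its matched pattern; that check did not raise, so the value says nothing about this DNSBL hit. Raise with a descriptive value instead, for example the same 'Spamhaus IP' text that goes into the vette log line, so whatever handles the exception reports the real reason. The lookup also runs for every request where `remote` is set, so a site-level switch to disable it would let operators opt out of the DNS query.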

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2018-04-11 09:36:40 +
+++ Mailman/Utils.py	2018-06-05 00:19:56 +
@@ -1495,3 +1495,24 @@
 else:
 return s
 
+def banned_ip(ip):
+if not dns_resolver:
+return False
+parts = ip.split('.')
+if len(parts) != 4:
+return False
+lookup = '{}.{}.{}.{}.zen.spamhaus.org'.format(parts[3],
+   parts[2],
+   parts[1],
+   parts[0])
+resolver = dns.resolver.Resolver()
+try:
+ans = resolver.query(lookup, dns.rdatatype.A)
+except DNSException:
+return False
+if not ans:
+return False
+text = ans.rrset.to_text()
+if re.search(r'127\.0\.0\.\d{1,2}$', text, re.MULTILINE):
+return True
+return False
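
Review bot: The final test in banned_ip(), `127\.0\.0\.\d{1,2}$`, accepts every 127.0.0.x answer from zen.spamhaus.org, which includes the PBL return codes (127.0.0.10 and 127.0.0.11) as well as SBL, CSS and XBL. PBL covers ranges that by policy should not send mail directly, which is a weak signal for a web subscription request, so match only the return codes of the lists the ban is meant to act on. Two smaller points: `len(parts) != 4` does not check that the parts are numeric octets, so any dotted string in `ip` ends up in the query name, and the function has no docstring saying that lookup failures and non-IPv4 input return False (fail open).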





Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Mark Sapiro
My own production server started getting these a few hours ago. I am
currently banning '^support[@+].*' and '^info[@+].*'

These are addresses I've banned within the last 2 hours:


Re: [Mailman-Users] Bogus Subscriptions

2018-06-04 Thread Russell Clemings
I can add a few more:

glacierponi+ (etc.)
hanakage777+
icecreamkatana+
nasamok2+
oddjuice11+

and all of these (plus one that probably wouldn't make it past a spam
filter):

i...@bitbroker.co.uk
i...@btcsolutions.ca
oddju...@yahoo.com
s7g...@yahoo.com
supp...@cryptopay.me






> -- Forwarded message --
> From: Jim Popovitch 
> To: mailman-users@python.org
> Cc:
> Bcc:
> Date: Mon, 04 Jun 2018 18:10:57 -0400
> Subject: Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users
> Digest, Vol 172, Issue 6)
> On Mon, 2018-06-04 at 14:48 -0700, Russell Clemings wrote:
> > They seem to be changing their tactics pretty much regularly now.
> > Just
> > tailing the subscribe log I see all of these:
> >
> > Jun 04 21:28:16 2018 (16689) LISTNAME1: pending Steven Lugo <
> > supp...@quickbitcoin.co.uk>  159.203.88.55
> > Jun 04 21:30:06 2018 (17063) LISTNAME1: pending Steve Asher <
> > supp...@bitcoin.com.au>  185.237.98.51
> > Jun 04 21:30:38 2018 (17503) LISTNAME2: pending Sterling Leng <
> > supp...@vaultoro.com>  185.237.98.51
> > Jun 04 21:31:26 2018 (17651) LISTNAME3: pending Cristina Hibbard <
> > supp...@vaultoro.com>  59.152.95.54
> > Jun 04 21:32:01 2018 (17754) LISTNAME3: pending Kirk Maddox <
> > supp...@bitcoin.com.au>  185.237.98.51
> > Jun 04 21:33:58 2018 (18188) LISTNAME4: pending Jarrod Rand <
> > supp...@vaultoro.com>  80.211.240.206
> > Jun 04 21:36:54 2018 (19212) LISTNAME5: pending Anna Glen <
> > supp...@quickbitcoin.co.uk>  159.203.88.55
> > Jun 04 21:36:59 2018 (19231) LISTNAME1: pending John Savage <
> > supp...@bitflyer.com>  39.137.69.9
> > Jun 04 21:38:21 2018 (19476) LISTNAME4: pending Sarah Adami <
> > supp...@coindirect.com>  185.237.98.51
> >
>
> Interesting, I see delimited email addrs for those same domains.
>
> Jun 04 20:57:11 2018 (5670) users: pending James Sturgill  @quickbitcoin.co.uk>  111.13.56.16
> Jun 04 21:19:10 2018 (7469) users: pending John Heninger  @bitflyer.com>  152.231.81.122
> Jun 04 21:35:52 2018 (8894) users: pending Judith Route  vaultoro.com>  149.202.38.124
> Jun 04 21:42:25 2018 (9149) users: pending Donna Watts  @vaultoro.com>  212.73.137.45
> Jun 04 21:49:33 2018 (9323) users: pending Justin Rybij  r...@bitflyer.com>  67.197.233.15
>
> FWIW,
>
> here's the list I've accumulated so far:
>
>
>


Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Jim Popovitch via Mailman-Users
On Mon, 2018-06-04 at 18:10 -0400, Jim Popovitch wrote:
> On Mon, 2018-06-04 at 14:48 -0700, Russell Clemings wrote:
> > They seem to be changing their tactics pretty much regularly now.
> > Just
> > tailing the subscribe log I see all of these:
> > 
> > Jun 04 21:28:16 2018 (16689) LISTNAME1: pending Steven Lugo <
> > supp...@quickbitcoin.co.uk>  159.203.88.55
> > Jun 04 21:30:06 2018 (17063) LISTNAME1: pending Steve Asher <
> > supp...@bitcoin.com.au>  185.237.98.51
> > Jun 04 21:30:38 2018 (17503) LISTNAME2: pending Sterling Leng <
> > supp...@vaultoro.com>  185.237.98.51
> > Jun 04 21:31:26 2018 (17651) LISTNAME3: pending Cristina Hibbard <
> > supp...@vaultoro.com>  59.152.95.54
> > Jun 04 21:32:01 2018 (17754) LISTNAME3: pending Kirk Maddox <
> > supp...@bitcoin.com.au>  185.237.98.51
> > Jun 04 21:33:58 2018 (18188) LISTNAME4: pending Jarrod Rand <
> > supp...@vaultoro.com>  80.211.240.206
> > Jun 04 21:36:54 2018 (19212) LISTNAME5: pending Anna Glen <
> > supp...@quickbitcoin.co.uk>  159.203.88.55
> > Jun 04 21:36:59 2018 (19231) LISTNAME1: pending John Savage <
> > supp...@bitflyer.com>  39.137.69.9
> > Jun 04 21:38:21 2018 (19476) LISTNAME4: pending Sarah Adami <
> > supp...@coindirect.com>  185.237.98.51
> > 
> 
> Interesting, I see delimited email addrs for those same domains.
> 
> Jun 04 20:57:11 2018 (5670) users: pending James Sturgill
>  @quickbitcoin.co.uk>  111.13.56.16
> Jun 04 21:19:10 2018 (7469) users: pending John Heninger
>  @bitflyer.com>  152.231.81.122
> Jun 04 21:35:52 2018 (8894) users: pending Judith Route
>  vaultoro.com>  149.202.38.124
> Jun 04 21:42:25 2018 (9149) users: pending Donna Watts
>  @vaultoro.com>  212.73.137.45
> Jun 04 21:49:33 2018 (9323) users: pending Justin Rybij
>  r...@bitflyer.com>  67.197.233.15
> 
> FWIW,
> 
> here's the list I've accumulated so far:
> 
> And these are the IPs:
> 

BTW, most of those IPs are listed in the XBL (https://www.spamhaus.org/
xbl/).  I think I'll work on a patch to block signups from IPs in the
XBL and domains in the DBL (https://www.spamhaus.org/dbl/)

-Jim P.


Re: [Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

2018-06-04 Thread Jim Popovitch via Mailman-Users
On Mon, 2018-06-04 at 14:48 -0700, Russell Clemings wrote:
> They seem to be changing their tactics pretty much regularly now.
> Just
> tailing the subscribe log I see all of these:
> 
> Jun 04 21:28:16 2018 (16689) LISTNAME1: pending Steven Lugo <
> supp...@quickbitcoin.co.uk>  159.203.88.55
> Jun 04 21:30:06 2018 (17063) LISTNAME1: pending Steve Asher <
> supp...@bitcoin.com.au>  185.237.98.51
> Jun 04 21:30:38 2018 (17503) LISTNAME2: pending Sterling Leng <
> supp...@vaultoro.com>  185.237.98.51
> Jun 04 21:31:26 2018 (17651) LISTNAME3: pending Cristina Hibbard <
> supp...@vaultoro.com>  59.152.95.54
> Jun 04 21:32:01 2018 (17754) LISTNAME3: pending Kirk Maddox <
> supp...@bitcoin.com.au>  185.237.98.51
> Jun 04 21:33:58 2018 (18188) LISTNAME4: pending Jarrod Rand <
> supp...@vaultoro.com>  80.211.240.206
> Jun 04 21:36:54 2018 (19212) LISTNAME5: pending Anna Glen <
> supp...@quickbitcoin.co.uk>  159.203.88.55
> Jun 04 21:36:59 2018 (19231) LISTNAME1: pending John Savage <
> supp...@bitflyer.com>  39.137.69.9
> Jun 04 21:38:21 2018 (19476) LISTNAME4: pending Sarah Adami <
> supp...@coindirect.com>  185.237.98.51
> 

Interesting, I see delimited email addrs for those same domains.

Jun 04 20:57:11 2018 (5670) users: pending James Sturgill   111.13.56.16
Jun 04 21:19:10 2018 (7469) users: pending John Heninger   152.231.81.122
Jun 04 21:35:52 2018 (8894) users: pending Judith Route   149.202.38.124
Jun 04 21:42:25 2018 (9149) users: pending Donna Watts   212.73.137.45
Jun 04 21:49:33 2018 (9323) users: pending Justin Rybij   67.197.233.15

FWIW,

here's the list I've accumulated so far:

And these are the IPs:


-Jim P.


Re: [Mailman-Users] Mailman-Users Digest, Vol 172, Issue 6

2018-06-04 Thread Russell Clemings
They seem to be changing their tactics pretty much regularly now. Just
tailing the subscribe log I see all of these:

Jun 04 21:28:16 2018 (16689) LISTNAME1: pending Steven Lugo <
supp...@quickbitcoin.co.uk>  159.203.88.55
Jun 04 21:30:06 2018 (17063) LISTNAME1: pending Steve Asher <
supp...@bitcoin.com.au>  185.237.98.51
Jun 04 21:30:38 2018 (17503) LISTNAME2: pending Sterling Leng <
supp...@vaultoro.com>  185.237.98.51
Jun 04 21:31:26 2018 (17651) LISTNAME3: pending Cristina Hibbard <
supp...@vaultoro.com>  59.152.95.54
Jun 04 21:32:01 2018 (17754) LISTNAME3: pending Kirk Maddox <
supp...@bitcoin.com.au>  185.237.98.51
Jun 04 21:33:58 2018 (18188) LISTNAME4: pending Jarrod Rand <
supp...@vaultoro.com>  80.211.240.206
Jun 04 21:36:54 2018 (19212) LISTNAME5: pending Anna Glen <
supp...@quickbitcoin.co.uk>  159.203.88.55
Jun 04 21:36:59 2018 (19231) LISTNAME1: pending John Savage <
supp...@bitflyer.com>  39.137.69.9
Jun 04 21:38:21 2018 (19476) LISTNAME4: pending Sarah Adami <
supp...@coindirect.com>  185.237.98.51




> -- Forwarded message --
> From: Mark Sapiro 
> To: mailman-users@python.org
> Cc:
> Bcc:
> Date: Sun, 3 Jun 2018 17:19:33 -0700
> Subject: Re: [Mailman-Users] Spam Subscriptions
> On 06/03/2018 04:28 PM, Mark Dale wrote:
> >
> >> I use this regexp in the GLOBAL_BAN_LIST
> >>
> >> ^[0-9a-z.]{8,}\+[0-9a-z]{4,}@gmail\.com$
> >
> > I'm getting errors with the above however it seems to do the job
> > if I enclose it in quotes and remove the trailing $ - like so:
> >
> > GLOBAL_BAN_LIST = ['^[0-9a-z.]{6,}\+[0-9a-z]{4,}@gmail\.com']
>
>
> What you have done is correct. I don't know why you would have needed to
> remove the '$'. Did you get an error and if so, what?.
>
> The regexp I gave was just intended to be an example regexp. The
> BAN_LIST is actually a list of strings so regexps in the BAN_LIST have
> to be quoted and enclosed in [] and comma separated if more than one.
>
> Also, it doesn't matter in this case because \+ and \. are not
> meaningful string metacharacters, but it never hurts to define them as
> raw strings like, e.g.,
>
> GLOBAL_BAN_LIST = [r'^[0-9a-z.]{8,}\+[0-9a-z]{4,}@gmail\.com$']
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>


Re: [Mailman-Users] Any scripting available for global site admin

2018-06-04 Thread Gretchen R Beck
Global remove is easy. The bin/remove_members application has a --fromall option

So something like this:

/bin/remove_members --fromall idtoremove@their.domain


Gretchen Beck

Carnegie Mellon



From: Mailman-Users  on 
behalf of Parker, Michael D. 
Sent: Monday, June 4, 2018 2:47 PM
To: mailman-users@python.org
Subject: [Mailman-Users] Any scripting available for global site admin

I have mailman 2.x and am specifically interested in knowing how to do the 
following two tasks:


1.   List all users with all their mailing lists

2.   Globally remove a user from all mailing lists

Thanks.

* * *
Michael D. Parker - provisional CISSP
General Atomics - ElectroMagnetics Systems Group (EMS)
michael.d.par...@ga.com  < NOTE: Remember 
to include my middle initial >

*
The information contained in this electronic message is intended only for the 
use of the individual or entity to
which it is addressed and may contain information that is privileged, 
confidential and exempt from disclosure
under applicable law. This message may also contain technical data, export of 
which is restricted by the
International Traffic in Arms Regulations (ITAR). Disclosure to foreign persons 
without prior U.S. Government
approval is prohibited. Violations of these export laws and regulations are 
subject to severe civil and criminal
penalties.

This message may include Company Sensitive and/or Proprietary Information.  If 
the reader
of this message is not the intended recipient, you are informed that any 
dissemination, copying or disclosure of
the material contained herein, in whole or in part, is strictly prohibited. If 
you received this message in error,
please notify the sender by reply e-mail and delete all copies of this message.
**



Re: [Mailman-Users] Any scripting available for global site admin

2018-06-04 Thread Jim Popovitch via Mailman-Users
On Mon, 2018-06-04 at 18:47 +, Parker, Michael D. wrote:
> I have mailman 2.x and am specifically interested in knowing how to
> do the following two tasks:
> 
> 
> 1.   List all users with all their mailing lists

list_members -h

> 
> 2.   Globally remove a user from all mailing lists


remove_members -h


-Jim P.


[Mailman-Users] Any scripting available for global site admin

2018-06-04 Thread Parker, Michael D.
I have mailman 2.x and am specifically interested in knowing how to do the 
following two tasks:


1.   List all users with all their mailing lists

2.   Globally remove a user from all mailing lists

Thanks.

* * *
Michael D. Parker - provisional CISSP
General Atomics - ElectroMagnetics Systems Group (EMS)
michael.d.par...@ga.com  < NOTE: Remember 
to include my middle initial >



Re: [Mailman-Users] Fail2ban on the Mailman web interface

2018-06-04 Thread Henrique Fagundes

Thank you friend,

With this, I can configure Fail2Ban to stop the attack.
Block the IP on which you tried to log in without success for more than 
three consecutive times.


Regards,

Henrique Fagundes
supo...@aprendendolinux.com
Skype: magnata-br-rj
Linux User: 475399

https://www.aprendendolinux.com
https://www.facebook.com/AprendendoLinux
https://youtube.com/AprendendoLinux
https://twitter.com/AprendendoLinux
https://telegram.me/AprendendoLinux
__
Join the Aprendendo Linux Group
https://listas.aprendendolinux.com/listinfo/aprendendolinux

Or send an e-mail to:
aprendendolinux-subscr...@listas.aprendendolinux.com

On 03/06/2018 19:53, Mark Sapiro wrote:

Mailman reports all authentication failures to the web server with a 401
status. Here are some typical messages from the Apache access log.

45.24.217.241 - - [03/Jun/2018:15:41:23 -0700] "POST
/mailman/options/LISTNAME HTTP/1.1" 401 4532
"https://www.example.com/mailman/options/LISTNAME" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

45.24.217.241 - - [03/Jun/2018:15:40:46 -0700] "POST
/mailman/admindb/LISTNAME HTTP/1.1" 401 2715
"https://www.example.com/mailman/admindb/LISTNAME" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

You should be able to recognize those with fail2ban without any
modification to Mailman's logging.
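
The rule discussed in this message (flag a client after more than three failed logins) applied to access-log lines of the kind quoted above, as an added example that comes from neither the thread nor fail2ban. The function names, the `max_failures` and `window` parameters, the ten-minute window and the sample lines are assumptions; the log lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an Apache combined-format line: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def parse_line(line):
    """Return (ip, timestamp, path, status), or None for an unparsable line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    except ValueError:
        return None
    return m.group('ip'), ts, m.group('path'), int(m.group('status'))


def find_offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Map each offending client IP to the time it crossed the threshold.

    A client is flagged once it has more than max_failures 401 responses
    on /mailman/ URLs inside a sliding window. Lines are assumed to be in
    chronological order, as in a normal access log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent 401s
    offenders = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        if status != 401 or not path.startswith('/mailman/'):
            continue
        hits = recent[ip]
        hits.append(ts)
        # Drop failures that have aged out of the window.
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) > max_failures and ip not in offenders:
            offenders[ip] = ts
    return offenders


def _line(ip, hms, path, status):
    """Build one constructed log line in the format quoted in the thread."""
    return ('%s - - [03/Jun/2018:%s -0700] "POST %s HTTP/1.1" %d 2715 '
            '"https://www.example.com%s" "Mozilla/5.0"'
            % (ip, hms, path, status, path))


# Constructed sample: one slow guesser, one burst, one user who mistyped once.
SAMPLE_LOG = [
    _line('192.0.2.33', '14:00:00', '/mailman/options/LISTNAME', 401),
    _line('192.0.2.33', '14:20:00', '/mailman/options/LISTNAME', 401),
    _line('192.0.2.33', '14:40:00', '/mailman/options/LISTNAME', 401),
    _line('198.51.100.7', '15:40:01', '/mailman/admindb/LISTNAME', 401),
    _line('203.0.113.9', '15:40:05', '/mailman/options/LISTNAME', 401),
    _line('198.51.100.7', '15:40:20', '/mailman/admindb/LISTNAME', 401),
    _line('198.51.100.7', '15:40:41', '/mailman/admindb/LISTNAME', 401),
    _line('203.0.113.9', '15:40:50', '/mailman/options/LISTNAME', 200),
    _line('192.0.2.33', '15:41:00', '/mailman/options/LISTNAME', 401),
    _line('198.51.100.7', '15:41:02', '/mailman/admindb/LISTNAME', 401),
    'not an access log line',
]


if __name__ == '__main__':
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print('%s exceeded the failure threshold at %s' % (ip, when))
```

The slow guesser at 192.0.2.33 has four failures in total but never more than three inside one window, so it is not flagged; widening `window` trades that miss against flagging users who mistype a password a few times over a day.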




Re: [Mailman-Users] Spam Subscriptions

2018-06-04 Thread Stephen J. Turnbull
Mark Dale writes:

 > D'oh. My apologies. The error was not from the trailing '$' but 
 > from not having the quotes in place originally. All is now well 
 > (with the above).

No big deal; on the contrary, we really appreciate your report
confirming that the regex works as expected for you, after all.

Thank *you*!

Steve


