subject:"\[Mailman\-Users\] Re\: protecting the web interface against subscription spam"

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-08 Thread AJ

Just to close this out.  It wound up being a Content Security Policy on the
apache server.
Thanks to all for their help.

On Fri, Mar 5, 2021 at 9:32 PM Mark Sapiro  wrote:

> On 3/5/21 6:14 PM, Al Brussey wrote:
> > There is nothing between the digest question and the submit button.
> >
> > When I submit the form, I get this:
> >
> > reCAPTCHA validation failed: missing-input-response
>
> That's the expected response in this case.
>
> Have you tried different browsers? Is there a firewall or something that
> could be interfering with getting the recaptcha from
> https://www.google.com/recaptcha/api.js?hl=en ?
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/
>
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-08 Thread AJ

Sure will do.  Thanks so much.

On Mon, Mar 8, 2021 at 11:37 AM Brian Carpenter 
wrote:

> On 3/8/21 11:27 AM, AJ wrote:
> > Just confirmed, the mailman server can reach the Google reCaptcha URL.
> > I also tried different browsers.  I do see the ReCaptcha on here:
> > https://mail.python.org/mailman/listinfo/
> >
> > Do I need any other python modules for this?
>
> I am leaning very heavy towards something wrong with the HTML code for
> your listinfo page. The error (if I remember correctly) is saying that
> the verification is failing which I assume is because the recaptcha UI
> element is missing. Can you send me your entire listinfo html code in a
> text file off-list so I can compare it with one of my hosted Mailman 2
> lists where I know recaptcha UI element is showing?
>
> --
> Brian Carpenter
> Harmonylists.com
> Emwd.com
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/
>
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-08 Thread Brian Carpenter


On 3/8/21 11:27 AM, AJ wrote:

Just confirmed, the mailman server can reach the Google reCaptcha URL.
I also tried different browsers.  I do see the ReCaptcha on here:
https://mail.python.org/mailman/listinfo/

Do I need any other python modules for this?


I am leaning very heavy towards something wrong with the HTML code for 
your listinfo page. The error (if I remember correctly) is saying that 
the verification is failing which I assume is because the recaptcha UI 
element is missing. Can you send me your entire listinfo html code in a 
text file off-list so I can compare it with one of my hosted Mailman 2 
lists where I know recaptcha UI element is showing?


--
Brian Carpenter
Harmonylists.com
Emwd.com
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-08 Thread AJ

Just confirmed, the mailman server can reach the Google reCaptcha URL.
I also tried different browsers.  I do see the ReCaptcha on here:
https://mail.python.org/mailman/listinfo/

Do I need any other python modules for this?


On Fri, Mar 5, 2021 at 7:38 PM Mark Sapiro  wrote:

> On 3/5/21 3:35 PM, Al Brussey wrote:
> > Yes they are v2 keys.
> >
> >> On Mar 5, 2021, at 5:28 PM, Mark Sapiro  wrote:
> >>
> >> On 3/5/21 2:10 PM, AJ wrote:
> >>>
> >>> View source of page, i see this, with the correct site key:
> >>>
> >>>   This form requires
> >>> JavaScript. >>> src="https://www.google.com/recaptcha/api.js?hl=en";>
> >>>  >>> data-sitekey="xxx">
> >>
> >>
> >> Are your keys for recaptcha v2 - v3 doesn't work with Mailman
>
>
> Well, the relevant code is in the form. This is exactly the same except
> for the data-sitekey value as for example the various lists at
>  and it works there.
>
> Have you tried different browsers? Do you see anything on the page
> between "Would you like to receive list mail batched in a daily digest?"
> and the Subscribe button? What happens if you submit the form?
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/
>
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Al Brussey

Yea tried different browsers, let me see if I can get that url manually from 
the server.

> On Mar 5, 2021, at 9:32 PM, Mark Sapiro  wrote:
> 
> On 3/5/21 6:14 PM, Al Brussey wrote:
>> There is nothing between the digest question and the submit button. 
>> 
>> When I submit the form, I get this:
>> 
>> reCAPTCHA validation failed: missing-input-response
> 
> That's the expected response in this case.
> 
> Have you tried different browsers? Is there a firewall or something that
> could be interfering with getting the recaptcha from
> https://www.google.com/recaptcha/api.js?hl=en ?
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
>https://mail.python.org/archives/list/mailman-users@python.org/
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Mark Sapiro

On 3/5/21 6:14 PM, Al Brussey wrote:
> There is nothing between the digest question and the submit button. 
> 
> When I submit the form, I get this:
> 
> reCAPTCHA validation failed: missing-input-response

That's the expected response in this case.

Have you tried different browsers? Is there a firewall or something that
could be interfering with getting the recaptcha from
https://www.google.com/recaptcha/api.js?hl=en ?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Al Brussey

There is nothing between the digest question and the submit button. 

When I submit the form, I get this:

reCAPTCHA validation failed: missing-input-response

> On Mar 5, 2021, at 7:38 PM, Mark Sapiro  wrote:
> 
> On 3/5/21 3:35 PM, Al Brussey wrote:
>> Yes they are v2 keys.
>> 
 On Mar 5, 2021, at 5:28 PM, Mark Sapiro  wrote:
>>> 
>>> On 3/5/21 2:10 PM, AJ wrote:
 
 View source of page, i see this, with the correct site key:
 
  This form requires
 JavaScript.>>> src="https://www.google.com/recaptcha/api.js?hl=en";>
 >>> data-sitekey="xxx">
>>> 
>>> 
>>> Are your keys for recaptcha v2 - v3 doesn't work with Mailman
> 
> 
> Well, the relevant code is in the form. This is exactly the same except
> for the data-sitekey value as for example the various lists at
>  and it works there.
> 
> Have you tried different browsers? Do you see anything on the page
> between "Would you like to receive list mail batched in a daily digest?"
> and the Subscribe button? What happens if you submit the form?
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
>https://mail.python.org/archives/list/mailman-users@python.org/
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Mark Sapiro

On 3/5/21 3:35 PM, Al Brussey wrote:
> Yes they are v2 keys.
> 
>> On Mar 5, 2021, at 5:28 PM, Mark Sapiro  wrote:
>>
>> On 3/5/21 2:10 PM, AJ wrote:
>>>
>>> View source of page, i see this, with the correct site key:
>>>
>>>   This form requires
>>> JavaScript.>> src="https://www.google.com/recaptcha/api.js?hl=en";>
>>> >> data-sitekey="xxx">
>>
>>
>> Are your keys for recaptcha v2 - v3 doesn't work with Mailman


Well, the relevant code is in the form. This is exactly the same except
for the data-sitekey value as for example the various lists at
 and it works there.

Have you tried different browsers? Do you see anything on the page
between "Would you like to receive list mail batched in a daily digest?"
and the Subscribe button? What happens if you submit the form?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Al Brussey

Yes they are v2 keys.

> On Mar 5, 2021, at 5:28 PM, Mark Sapiro  wrote:
> 
> On 3/5/21 2:10 PM, AJ wrote:
>> 
>> View source of page, i see this, with the correct site key:
>> 
>>   This form requires
>> JavaScript.> src="https://www.google.com/recaptcha/api.js?hl=en";>
>> > data-sitekey="xxx">
> 
> 
> Are your keys for recaptcha v2 - v3 doesn't work with Mailman
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
>https://mail.python.org/archives/list/mailman-users@python.org/
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Mark Sapiro

On 3/5/21 2:10 PM, AJ wrote:
> 
> View source of page, i see this, with the correct site key:
> 
>    This form requires
> JavaScript. src="https://www.google.com/recaptcha/api.js?hl=en";>
>  data-sitekey="xxx">


Are your keys for recaptcha v2 - v3 doesn't work with Mailman

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Chromatest J. Pantsmaker

Looks like your noscript plugin is blocking javascript

On Fri, Mar 5, 2021 at 3:12 PM AJ  wrote:

> Keys set properly in mm_cfg.py.  I am on Mailman 2.1.34.
>
> mm_cfg.py:
>
> SUBSCRIBE_FORM_SECRET = "xxx"
> BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
> BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE = Yes
> RECAPTCHA_SITE_KEY = 'xxx'
> RECAPTCHA_SECRET_KEY = 'xxx'
>
>
> View source of page, i see this, with the correct site key:
>
>    This form requires
> JavaScript. src="https://www.google.com/recaptcha/api.js?hl=en";>
>  data-sitekey="xxx">
>
>
>
>
>
>
>
>
>
>
> On Fri, Mar 5, 2021 at 4:38 PM Mark Sapiro  wrote:
>
> > On 3/5/21 1:24 PM, AJ wrote:
> > > I've tried to enable the reCaptcha by setting the keys in mm_cfg.py and
> > the
> > > list subscribe page does not display the reCaptcha checkbox.
> > > This is the case on new and old lists.  I've confirmed the following is
> > > added to templates/en/listinfo.html
> > >
> > >   
> > >   
> > >   
> > >
> > > None of the old lists have custom listinfo.html pages.
> > > Any clue on where else to look?
> >
> >
> > Have you set the keys as
> >
> > RECAPTCHA_SITE_KEY = '...'
> > RECAPTCHA_SECRET_KEY = '...'
> >
> > capitalized and spelled correctly?
> >
> > Is Javascript enabled in your browser? If not, you should see
> >
> > This form requires JavaScript.
> >
> > instead of the recaptcha.
> >
> > Iv you view the source of the page in your browser, what do you see?
> >
> > --
> > Mark Sapiro The highway is for gamblers,
> > San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> > --
> > Mailman-Users mailing list -- mailman-users@python.org
> > To unsubscribe send an email to mailman-users-le...@python.org
> > https://mail.python.org/mailman3/lists/mailman-users.python.org/
> > Mailman FAQ: http://wiki.list.org/x/AgA3
> > Security Policy: http://wiki.list.org/x/QIA9
> > Searchable Archives:
> > https://www.mail-archive.com/mailman-users@python.org/
> > https://mail.python.org/archives/list/mailman-users@python.org/
> >
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/
>
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread AJ

Keys set properly in mm_cfg.py.  I am on Mailman 2.1.34.

mm_cfg.py:

SUBSCRIBE_FORM_SECRET = "xxx"
BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE = Yes
RECAPTCHA_SITE_KEY = 'xxx'
RECAPTCHA_SECRET_KEY = 'xxx'


View source of page, i see this, with the correct site key:

   This form requires
JavaScript.https://www.google.com/recaptcha/api.js?hl=en";>











On Fri, Mar 5, 2021 at 4:38 PM Mark Sapiro  wrote:

> On 3/5/21 1:24 PM, AJ wrote:
> > I've tried to enable the reCaptcha by setting the keys in mm_cfg.py and
> the
> > list subscribe page does not display the reCaptcha checkbox.
> > This is the case on new and old lists.  I've confirmed the following is
> > added to templates/en/listinfo.html
> >
> >   
> >   
> >   
> >
> > None of the old lists have custom listinfo.html pages.
> > Any clue on where else to look?
>
>
> Have you set the keys as
>
> RECAPTCHA_SITE_KEY = '...'
> RECAPTCHA_SECRET_KEY = '...'
>
> capitalized and spelled correctly?
>
> Is Javascript enabled in your browser? If not, you should see
>
> This form requires JavaScript.
>
> instead of the recaptcha.
>
> Iv you view the source of the page in your browser, what do you see?
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/
>
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Mark Sapiro

On 3/5/21 1:24 PM, AJ wrote:
> I've tried to enable the reCaptcha by setting the keys in mm_cfg.py and the
> list subscribe page does not display the reCaptcha checkbox.
> This is the case on new and old lists.  I've confirmed the following is
> added to templates/en/listinfo.html
> 
>   
>   
>   
> 
> None of the old lists have custom listinfo.html pages.
> Any clue on where else to look?


Have you set the keys as

RECAPTCHA_SITE_KEY = '...'
RECAPTCHA_SECRET_KEY = '...'

capitalized and spelled correctly?

Is Javascript enabled in your browser? If not, you should see

This form requires JavaScript.

instead of the recaptcha.

Iv you view the source of the page in your browser, what do you see?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Brian Carpenter


On 3/5/21 4:24 PM, AJ wrote:

I've tried to enable the reCaptcha by setting the keys in mm_cfg.py and the
list subscribe page does not display the reCaptcha checkbox.
This is the case on new and old lists.  I've confirmed the following is
added to templates/en/listinfo.html

   
   
   

None of the old lists have custom listinfo.html pages.
Any clue on where else to look?

Thanks
AJ

On Fri, Mar 5, 2021 at 9:44 AM Brian Carpenter 
wrote:


On 3/5/21 9:31 AM, jor...@gmail.com wrote:

currently we get  inundated with abuse complaint mails because our
mailman instance is targeted by spambots who for whatever reason try to
subscribe to the lists at our side with addresses belonging to someone
else, and when mailman sends out the confirmation email, this is
considered spam by the recipient and occasionally reported as abuse.

Athttps://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html
I found the hint that in /etc/mailman/mm_cfg.py, one should set
SUBSCRIBE_FORM_SECRET to a random string which will trigger mailman to
embed aCSRF tokeninto the subscription form.

This, unfortunately hasn't helped. The abuse mail complaints kept
coming.

On the same page I found the note that you can also embed a captcha.
However I have not found instructions on how to do this.

If this is really the case, could somebody give me a link to where I
can find the instructions?

Depending upon what version of Mailman 2 you are running, you can add
the following to your mailman_install_dir/Mailman/mm_cfg.py

BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
RECAPTCHA_SITE_KEY = "recaptcha site key"
RECAPTCHA_SECRET_KEY = "recaptcha secret key"

What version of Mailman 2 are you running?

--
Brian Carpenter
Harmonylists.com
Emwd.com
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives:
https://www.mail-archive.com/mailman-users@python.org/
 https://mail.python.org/archives/list/mailman-users@python.org/


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
 https://mail.python.org/archives/list/mailman-users@python.org/


What version of Mailman 2 are you running?

--
Brian Carpenter
Harmonylists.com
Emwd.com
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread AJ

I've tried to enable the reCaptcha by setting the keys in mm_cfg.py and the
list subscribe page does not display the reCaptcha checkbox.
This is the case on new and old lists.  I've confirmed the following is
added to templates/en/listinfo.html

  
  
  

None of the old lists have custom listinfo.html pages.
Any clue on where else to look?

Thanks
AJ

On Fri, Mar 5, 2021 at 9:44 AM Brian Carpenter 
wrote:

> On 3/5/21 9:31 AM, jor...@gmail.com wrote:
> > currently we get  inundated with abuse complaint mails because our
> > mailman instance is targeted by spambots who for whatever reason try to
> > subscribe to the lists at our side with addresses belonging to someone
> > else, and when mailman sends out the confirmation email, this is
> > considered spam by the recipient and occasionally reported as abuse.
> >
> > Athttps://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html
> > I found the hint that in /etc/mailman/mm_cfg.py, one should set
> > SUBSCRIBE_FORM_SECRET to a random string which will trigger mailman to
> > embed aCSRF tokeninto the subscription form.
> >
> > This, unfortunately hasn't helped. The abuse mail complaints kept
> > coming.
> >
> > On the same page I found the note that you can also embed a captcha.
> > However I have not found instructions on how to do this.
> >
> > If this is really the case, could somebody give me a link to where I
> > can find the instructions?
>
> Depending upon what version of Mailman 2 you are running, you can add
> the following to your mailman_install_dir/Mailman/mm_cfg.py
>
> BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
> RECAPTCHA_SITE_KEY = "recaptcha site key"
> RECAPTCHA_SECRET_KEY = "recaptcha secret key"
>
> What version of Mailman 2 are you running?
>
> --
> Brian Carpenter
> Harmonylists.com
> Emwd.com
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/
>
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam (solved)

2021-03-05 Thread Brian Carpenter


On 3/5/21 10:01 AM, jor...@gmail.com wrote:

Am Freitag, dem 05.03.2021 um 09:41 -0500 schrieb Brian Carpenter:



Depending upon what version of Mailman 2 you are running, you can add
the following to your mailman_install_dir/Mailman/mm_cfg.py

BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
RECAPTCHA_SITE_KEY = "recaptcha site key"
RECAPTCHA_SECRET_KEY = "recaptcha secret key"

Thanks! Indeed that works! Thanks so much!

Caveat: only recaptcha v2 works (for me)

Cheers,

Johannes


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
 https://mail.python.org/archives/list/mailman-users@python.org/


You're welcome and I am glad to be of assistance.

--
Brian Carpenter
Harmonylists.com
Emwd.com
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread jorohr

Am Freitag, dem 05.03.2021 um 09:41 -0500 schrieb Brian Carpenter:


> 
> Depending upon what version of Mailman 2 you are running, you can add
> the following to your mailman_install_dir/Mailman/mm_cfg.py
> 
> BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
> RECAPTCHA_SITE_KEY = "recaptcha site key"
> RECAPTCHA_SECRET_KEY = "recaptcha secret key"

Thanks! Indeed that works! Thanks so much! 

Caveat: only recaptcha v2 works (for me)

Cheers,

Johannes


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

2021-03-05 Thread Brian Carpenter


On 3/5/21 9:31 AM, jor...@gmail.com wrote:

currently we get  inundated with abuse complaint mails because our
mailman instance is targeted by spambots who for whatever reason try to
subscribe to the lists at our side with addresses belonging to someone
else, and when mailman sends out the confirmation email, this is
considered spam by the recipient and occasionally reported as abuse.

Athttps://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html  
I found the hint that in /etc/mailman/mm_cfg.py, one should set

SUBSCRIBE_FORM_SECRET to a random string which will trigger mailman to
embed aCSRF tokeninto the subscription form.

This, unfortunately hasn't helped. The abuse mail complaints kept
coming.

On the same page I found the note that you can also embed a captcha.
However I have not found instructions on how to do this.

If this is really the case, could somebody give me a link to where I
can find the instructions?


Depending upon what version of Mailman 2 you are running, you can add 
the following to your mailman_install_dir/Mailman/mm_cfg.py


BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
RECAPTCHA_SITE_KEY = "recaptcha site key"
RECAPTCHA_SECRET_KEY = "recaptcha secret key"

What version of Mailman 2 are you running?

--
Brian Carpenter
Harmonylists.com
Emwd.com
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam (solved)

[Mailman-Users] Re: protecting the web interface against subscription spam

[Mailman-Users] Re: protecting the web interface against subscription spam

18 matches

Site Navigation

Mail list logo

Footer information