[gnome.org #14086] spam subscription requests
- From: "Andrea Veri via RT" <mailman gnome org>
- To: fpeters gnome org
- Cc: gnome-infrastructure gnome org
- Subject: [gnome.org #14086] spam subscription requests
- Date: Thu, 9 Jan 2014 11:41:54 +0000
On Thu Jan 09 08:20:26 2014, fpeters gnome org wrote:
Would it be possible to automatically discard subscription requests
from emails that are already in the queue?
I've been digging a bit about this recently but seems Mailman not including a captcha on the subscription
form has been the cause of the huge spam we're receiving lately. Subscribing to a mailing list is as easy as
sending a POST to one of the hosted mailing lists and providing a fake email and password and triggering the
subscription process. This obviously can be achieved by generating multiple POST requests with a bot that
generates a fake email and a random password and connects to our mailman installation.
After a first look at the configuration of the release-team mailing list it seems 'subscription_policy' is
set to be 'Approval' which means you will be triggered by any fraudolent subscription request the list will
receive. Given the bots won't be able to verify their confirmation email moving the subscription_policy to
'Confirm and Approve' will fix the problem for the list. I did the change myself now, hopefully Mailman 3
will bring some more tools to prevent these kind of issues.
--
Andrea,
GNOME Sysadmin
GNOME Accounts Team
GNOME Membership & Elections Committee Chairman
----------------------------------------------------
This message was sent via GNOME.org Request Tracker.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]