[Pkg-mailman-hackers] Bug#381042: mailman: subscription spam prevention

Paul Wise pabs3 at bonedaddy.net
Fri Aug 4 07:10:06 UTC 2006


On Fri, 2006-08-04 at 08:54 +0200, Lionel Elie Mamane wrote:

> > Please apply the attached patch which prevents extra subscription
> > spam.
> 
> How does it try to achieve that? Does it rate-throttle the
> subscriptions attempts for a particular email? Does it allow for an
> initial burst, for when a legitimate user has email interoperability
> problems? Does it simply discard subscription requests if an unexpired
> cookie exists for the same address?

On a per-list basis, it prevents the same email address from attempting
to subscribe more than once. It does this by checking the request pickle
and the confirmations pickle for the list and searching them for the
email being submitted. If it finds that the email already has a
pending-approval subscription or a to-be confirmed subscription, then it
discards the subscription attempt and logs a message containing the list
name, the email and the IP address the HTTP request was sent from.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/attachments/20060804/76710198/attachment.pgp


More information about the Pkg-mailman-hackers mailing list