[Pkg-mailman-hackers] Bug#381042: mailman: subscription spam prevention

Lionel Elie Mamane lionel at mamane.lu
Fri Aug 4 07:28:45 UTC 2006


On Fri, Aug 04, 2006 at 03:10:06PM +0800, Paul Wise wrote:
> On Fri, 2006-08-04 at 08:54 +0200, Lionel Elie Mamane wrote:

>>> Please apply the attached patch which prevents extra subscription
>>> spam.

>> How does it try to achieve that?

> On a per-list basis, it prevents the same email address from
> attempting to subscribe more than once. It does this by checking the
> request pickle and the confirmations pickle for the list and
> searching them for the email being submitted. If it finds that the
> email already has a pending-approval subscription or a to-be
> confirmed subscription, then it discards the subscription attempt
> and logs a message containing the list name, the email and the IP
> address the HTTP request was sent from.

What if a legitimate user doesn't get the first subscription
confirmation message, e.g. due to a transitory problem in his mail
system, a false positive of an anti-spam check, ...?

-- 
Lionel




More information about the Pkg-mailman-hackers mailing list