[Pkg-mailman-hackers] Bug#900648: mailman: Set SUBSCRIBE_FORM_SECRET per default to reduce subscription spam

Thijs Kinkhorst thijs at debian.org
Sun Jun 3 09:15:05 BST 2018


Hi Ralf,

> I recently realized that my mailman installations, despite not being big
> and at least one of them not being easy to find from the internet, are
> being abused for subscription spam, with something like 1500 messages per
> day per server. Unfortunately mailman does not come with support for a
> CAPTCHA, but what I did find after some research is the configuration
> option SUBSCRIBE_FORM_SECRET. Setting that to a random string stopped the
> subscription spam immediately, probably because the bots are too fast (1s
> between requesting the form and sending the POST), and mailman enforces a
> 5s delay per default when that option is set.

Thanks for the suggestion. I've been flooded myself as well.

One thing that also seems to help is to require "confirm" for new
subscriptions, in my experience.


Kind regards,
Thijs Kinkhorst
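
The mechanism discussed in this thread (a secret-keyed form token plus a minimum delay between serving the form and accepting the POST) can be sketched as follows. This is an added illustration, not part of the original message and not Mailman's own code; the token layout, the use of HMAC-SHA256, the function names and the one-hour MAX_AGE are assumptions, and only the 5-second delay comes from the report.

```python
import hashlib
import hmac

# Constructed values. FORM_SECRET stands in for SUBSCRIBE_FORM_SECRET.
FORM_SECRET = b"constructed-random-string"
MIN_DELAY = 5      # seconds; the default delay mentioned in the report
MAX_AGE = 3600     # seconds; assumed lifetime of an issued form


def _mac(issued, listname, remote):
    # Bind the token to the issue time, the list and the requesting client.
    msg = f"{issued}:{listname}:{remote}".encode()
    return hmac.new(FORM_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(listname, remote, now):
    """Value embedded as a hidden field when the subscribe form is served."""
    issued = int(now)
    return f"{issued}:{_mac(issued, listname, remote)}"


def check_token(token, listname, remote, now):
    """Validate the hidden field on POST. Returns (accepted, reason)."""
    try:
        issued_s, mac = token.split(":", 1)
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False, "malformed"
    expected = _mac(issued, listname, remote)
    # Constant-time comparison; a client cannot alter the timestamp
    # without knowing the secret.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature"
    age = int(now) - issued
    if age < MIN_DELAY:
        return False, "too fast"   # the 1s form-to-POST bots land here
    if age > MAX_AGE:
        return False, "expired"
    return True, "ok"
```

A client that waits out the delay, or replays a token within its lifetime, still passes, so this filters fast scripted submissions rather than replacing confirmation of new subscriptions.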


