Hi,

My mailman3.auth_users table contains 131 rows, of which 113 were
created in the last week. All of these users have a 10-character-long
random string of lowercase letters as their chosen username. Their
email addresses are all over the place.

I only noticed this was happening because an unusual number of the
subscription confirmation messages were bouncing back to me as
postmaster, and I saw the unlikely user names.

I matched up some of the date_joined timings with logs of HTTP POST to
/mailman/accounts/signup and every single one so far was a unique IP
address. So I am not going to get very far with firewalling.

Does anyone have any suggestions what I can do to avoid this?
Specifically what I would like to avoid is sending a confirmation email
to these potentially innocent addresses.

…

Hmm, actually I've just noticed that all of them are Tor exit nodes.

Looks like I could probably autogenerate an Apache ACL that lists all
Tor exit nodes and bans them from posting to /mailman/accounts/signup.

Thanks,
Andy
_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at: 
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/BHOATUV7DPWYVEFVGT652YTYYE3XXMHC/
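
One way to autogenerate the ACL mentioned in the message, as an added example that is not part of the original post. It assumes Apache 2.4 authorization syntax and an exit list with one IP address per line (the format of the Tor Project's bulk exit list); the function names and sample addresses are hypothetical.

```python
import ipaddress

SIGNUP_PATH = "/mailman/accounts/signup"  # signup path named in the post


def parse_exit_list(text):
    """Return sorted, de-duplicated addresses from a one-per-line list."""
    addrs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            continue  # ignore anything that is not a bare IP address
        if addr.is_loopback:
            continue  # a bad list must never ban a local reverse proxy
        addrs.add(addr)
    return sorted(addrs, key=lambda a: (a.version, int(a)))


def build_acl(text, path=SIGNUP_PATH, min_entries=1):
    """Render an Apache 2.4 block that denies POST to `path` from listed IPs."""
    addrs = parse_exit_list(text)
    if len(addrs) < min_entries:
        # A failed or truncated download should not replace a working ACL.
        raise ValueError("exit list too short; keep the previous ACL")
    lines = [f'<Location "{path}">', "    <Limit POST>",
             "        <RequireAll>", "            Require all granted"]
    lines += [f"            Require not ip {a}" for a in addrs]
    lines += ["        </RequireAll>", "    </Limit>", "</Location>"]
    return "\n".join(lines) + "\n"


# Constructed sample input: documentation address ranges, not real exit nodes.
SAMPLE = """\
# constructed sample
198.51.100.7
192.0.2.10
192.0.2.10
127.0.0.1
not-an-address
2001:db8::1
"""

if __name__ == "__main__":
    print(build_acl(SAMPLE), end="")
```

Write the output to a file that the virtual host pulls in with `Include`, and run `apachectl configtest` before reloading. Because the request is refused by Apache, the signup form never reaches Mailman and no confirmation email is generated for it.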
