On 1/3/25 16:18, David Newman wrote:
> Greetings. On a system running Mailman 3.3.9 and Postfix, I'm seeing about 20-30 entries per day in the Postfix queue where it appears a Gmail user signs up for a mailing list that requires confirmation, and Gmail responds that the user is too busy to handle requests.
>
> There are no publicly advertised email lists on this server, and I don't ever see anything in the Mailman logs indicating the user ever tried signing up.


This is an attack mail bombing the user. The requests that result in the can come via web or email. Mailman's logging of subscribes has been missing most events through Mailman 3.3.10. See https://gitlab.com/mailman/mailman/-/issues/1143 which will be fixed in 3.3.11, but subscribes waiting user confirmation still won't be logged.

However, the message with subject "Please Confirm Your Email Address" comes from Django allauth so it isn't actually Mailman sending it but rather Django allauth as a result of a request to sign up for a Django account at https://mail.example3.com/accounts/signup/. You can probably find that request in your web server logs, and you may find the user and/or email in the Django admin UI.

Since django-mailman3 1.3.6, you can disable these signups by putting

ACCOUNT_ADAPTER = 'django_mailman3.views.user_adapter.DisableSignupAdapter'

in your Django settings, but then your users won't be able to sign up for web accounts.

--
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at: 
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/5UXVETCZROJCJVH5LV3NCX3GQ4LPGS2X/
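
Added example (not part of the message above, nor Mailman or django-allauth code): a small Python script for the web server log check the reply suggests, counting POSTs to `/accounts/signup/` per day and client IP. It assumes access logs in combined log format; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Combined Log Format (assumed):
# ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

SIGNUP_PATH = "/accounts/signup/"  # path named in the message above


def signup_posts(lines):
    """Yield (day, ip, status) for every POST to the allauth signup view."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # compare without the query string
        if m["method"] == "POST" and path == SIGNUP_PATH:
            yield m["day"], m["ip"], int(m["status"])


def summarize(lines):
    """Count signup POSTs per (day, client IP), busiest first."""
    counts = Counter((day, ip) for day, ip, _ in signup_posts(lines))
    return counts.most_common()


# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jan/2025:10:01:12 +0000] "GET /accounts/signup/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jan/2025:10:01:13 +0000] "POST /accounts/signup/ HTTP/1.1" 302 0 "https://mail.example3.com/accounts/signup/" "Mozilla/5.0"
203.0.113.7 - - [03/Jan/2025:10:01:15 +0000] "POST /accounts/signup/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Jan/2025:11:30:00 +0000] "POST /accounts/signup/?next=/ HTTP/1.1" 302 0 "-" "curl/8.5.0"
198.51.100.20 - - [03/Jan/2025:11:30:05 +0000] "POST /accounts/login/ HTTP/1.1" 200 4100 "-" "curl/8.5.0"
192.0.2.44 - - [04/Jan/2025:02:00:00 +0000] "GET /mailman3/lists/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for (day, ip), n in summarize(SAMPLE_LOG):
        print(f"{day}  {ip:<15}  {n} signup POST(s)")
```

To run it against a real log, pass the open file object to `summarize()` in place of `SAMPLE_LOG`; the per-day counts can then be compared with the number of deferred confirmation messages in the Postfix queue.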
