Re: [mailop] Just how does SendGrid fail this badly?

2020-08-19 Thread Philip Paeps via mailop
On 2020-08-18 20:23:37 (+0800), Atro Tossavainen via mailop wrote: The SendGrid account sending these yesterday is 13999362. The one I've seen most often is 12340469 with 9789821 a close second and 8512936 in third place. Given that these are so blatant, I don't believe there's any point in

Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Philip Paeps via mailop
On 2020-08-20 10:52:40 (+0800), Michael Wise via mailop wrote: Before they abuse a web API, I'd strongly suspect that they would abuse port 25. But yes, it would be an interesting hypothesis to validate I hadn't considered that. It's not unlikely that by the time a botnet gets around to

Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Michael Wise via mailop
Before they abuse a web API, I'd strongly suspect that they would abuse port 25. But yes, it would be an interesting hypothesis to validate And this isn’t just, “Spam”; it’s far more intensive, and can only best be appreciated from the POV of the recipient. They’re not just using you to

Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Philip Paeps via mailop
On 2020-08-20 05:17:09 (+0800), Michael Wise via mailop wrote: BotNet? Were they listed in the SpamHaus XBL as being compromised? The problem is that the subscriptions come in through the Mailman web interface, not through email. Arguably, this is a variant of the old "send an email greeting

Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Michael Wise via mailop
BotNet? Were they listed in the SpamHaus XBL as being compromised? Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail ? -Original Message- From: mailo

Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Michael Wise via mailop
You might want to generate a hash of the "Subscribers' Addresses" and if you see more than say, 5? In a 1 minute period, block all subsequent attempts. https://www.spamhaus.org/news/article/734/subscription-bombing-coi-captcha-and-the-next-generation-of-mail-bombs (2016-09-16 20

Re: [mailop] test Wed, 19 Aug 2020 20:55:45 +0200

2020-08-19 Thread Patrick Ben Koetter via mailop
Duh! Please ignore this test message. It was supposed to stay locked on the new mailop.org mailserver. p@ Am 19.08.20 um 20:55 schrieb p...@sys4.de: > This is a test mailing > -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: M

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Andy Smith via mailop
Hi, On Wed, Aug 19, 2020 at 07:53:43PM +0800, Philip Paeps via mailop wrote: > On 2020-08-19 18:24:30 (+0800), Andreas Schamanek via mailop wrote: > >BTW, Mailman mm_cfg.py option `SUBSCRIBE_FORM_SECRET` apparently mitigates > >the DoS, too. > > We've also had some success in the past with raisin

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Philip Paeps via mailop
On 2020-08-19 18:24:30 (+0800), Andreas Schamanek via mailop wrote: On Wed, 19 Aug 2020, at 09:51, Andy Smith via mailop wrote: Since yesterday I've been seeing a large number of attempted subscriptions to all the public lists on one of my Mailman servers. (...) I can confirm this for my serv

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Philip Paeps via mailop
On 2020-08-19 17:51:51 (+0800), Andy Smith via mailop wrote: Since yesterday I've been seeing a large number of attempted subscriptions to all the public lists on one of my Mailman servers. There's so far been 160 attempted subscriptions for 69 unique email addresses. I see some of this on F

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Marlen Caemmerer via mailop
Hello, seeing this here, too. But I did only receive a small number of requests (about 100 in the last day). Every IP I find in the logs connects only once to try to subscribe. The IP addresses are registered for 5 different providers in the US. Thanks for the UserAgent workaround. Cheers

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Jim Popovitch via mailop
On Wed, 2020-08-19 at 12:24 +0200, Andreas Schamanek via mailop wrote: > On Wed, 19 Aug 2020, at 09:51, Andy Smith via mailop wrote: > > > Since yesterday I've been seeing a large number of attempted > > subscriptions to all the public lists on one of my Mailman servers. > > (...) > > I can conf

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Andreas Schamanek via mailop
On Wed, 19 Aug 2020, at 09:51, Andy Smith via mailop wrote: Since yesterday I've been seeing a large number of attempted subscriptions to all the public lists on one of my Mailman servers. (...) I can confirm this for my servers from top to end including some of the hashes. BTW, Mailman m

Re: [mailop] Mailman confirmation email denial of service

2020-08-19 Thread Hans-Martin Mosner via mailop
Am 19.08.20 um 11:51 schrieb Andy Smith via mailop: > Hi, > > Not sure if this is the best place to mention this, but… > > Since yesterday I've been seeing a large number of attempted > subscriptions to all the public lists on one of my Mailman servers. > There's so far been 160 attempted subscript

[mailop] Mailman confirmation email denial of service

2020-08-19 Thread Andy Smith via mailop
Hi, Not sure if this is the best place to mention this, but… Since yesterday I've been seeing a large number of attempted subscriptions to all the public lists on one of my Mailman servers. There's so far been 160 attempted subscriptions for 69 unique email addresses. These addresses never compl