[ale] Help!! Ale is being abused

Jim Kinney jim.kinney at gmail.com
Tue Jul 12 21:56:56 EDT 2022 

I say disable the addresses in postfix. It is an easily automated way to bring the server to it's knees and rack up bad vibes for ale and potentially fines from the hosting provider. If someone actually complains, we can add them manually or refer them to the web form. 



On July 12, 2022 6:10:58 PM MST, Robert Tweedy <robert at robert-tweedy.com> wrote:
>I feel like disabling the Mailman "-request" and "-subscribe" addresses
>
>would have unintended side effects, but it's technically a possibility;
>
>does anyone more familiar with GNU Mailman know if this is:
>
>1. A bad idea/will severely break core Mailman functions
>(alternatively, 
>how many people will start sending in complaints that their emails to 
>"ale-request at ale.org" stopped working)?
>2. An option that's available through Mailman's configuration files? Or
>
>would I need to modify the Postfix aliases to achieve this?
>
>-Robert
>
>On 7/12/22 20:40, Derek Atkins wrote:
>> Another option is to turn off handling of email-based subscription
>> requests and require going through the web interface?
>>
>> -derek
>>
>> On Tue, July 12, 2022 8:17 pm, Robert Tweedy via Ale wrote:
>>> I've gotten a basic Captcha configured now on Mailman's main sign-up
>>> pages (which is likely where the issue's coming from), so this will
>>> hopefully lessen the problem. I'm definitely open to any suggestions
>for
>>> improvement as well as donations of time to implement a better
>>> spam-filtering mechanism to prevent the server from responding to
>every
>>> incoming message it receives (ie. Mailman either needs to be smarter
>>> about what messages it replies to & what messages it just
>>> ignores/discards without a reply, or we need our spam filter to also
>>> work internally & keep Mailman from sending out spam on its own when
>>> someone/something abuses forms on the site that could generate an
>email).
>>>
>>> On 7/12/22 18:01, Jim Kinney via Ale wrote:
>>>> Started getting these notices/complaints today and each one is a $5
>>>> charge from my hosting provider. We're up to $35 so far today.
>>>>
>>>> I'm on work out of state and didn't travel with any personal gear
>and
>>>> Robert is also slammed. Can someone gently talk with the recipient
>and
>>>> ask if they can simply delete/block instead of complain.
>>>>
>>>> We are open to ideas. That email is already blocked.
>>>>
>>>>
>>>> <snip>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> https://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>

-- 
Computers amplify human error
Super computers are really cool
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20220712/d36abb22/attachment.htm>

More information about the Ale mailing list