[ale] [EXTERNAL] Re: Help!! Ale is being abused

[Allen Beddingfield]

I'm not familiar with the hosting setup for the list, but is it a VM hosted with a VPS provider?  I've never heard of getting charged for complaints like that.  Maybe also time to shop around for another hosting provider that doesn't care as much?
Just a thought.
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen at ua.edu

________________________________________
From: Ale <ale-bounces at ale.org> on behalf of Jim Kinney via Ale <ale at ale.org>
Sent: Tuesday, July 12, 2022 8:56 PM
To: Robert Tweedy; Derek Atkins; Atlanta Linux Enthusiasts
Cc: Jim Kinney
Subject: [EXTERNAL] Re: [ale] Help!! Ale is being abused

I say disable the addresses in postfix. It is an easily automated way to bring the server to it's knees and rack up bad vibes for ale and potentially fines from the hosting provider. If someone actually complains, we can add them manually or refer them to the web form.



On July 12, 2022 6:10:58 PM MST, Robert Tweedy <robert at robert-tweedy.com> wrote:
I feel like disabling the Mailman "-request" and "-subscribe" addresses would have unintended side effects, but it's technically a possibility; does anyone more familiar with GNU Mailman know if this is:

1. A bad idea/will severely break core Mailman functions (alternatively, how many people will start sending in complaints that their emails to "ale-request at ale.org"<mailto:ale-request at ale.org> stopped working)?
2. An option that's available through Mailman's configuration files? Or would I need to modify the Postfix aliases to achieve this?

-Robert

On 7/12/22 20:40, Derek Atkins wrote:

Another option is to turn off handling of email-based subscription
requests and require going through the web interface?

-derek

On Tue, July 12, 2022 8:17 pm, Robert Tweedy via Ale wrote:


I've gotten a basic Captcha configured now on Mailman's main sign-up
pages (which is likely where the issue's coming from), so this will
hopefully lessen the problem. I'm definitely open to any suggestions for
improvement as well as donations of time to implement a better
spam-filtering mechanism to prevent the server from responding to every
incoming message it receives (ie. Mailman either needs to be smarter
about what messages it replies to & what messages it just
ignores/discards without a reply, or we need our spam filter to also
work internally & keep Mailman from sending out spam on its own when
someone/something abuses forms on the site that could generate an email).

On 7/12/22 18:01, Jim Kinney via Ale wrote:


Started getting these notices/complaints today and each one is a $5
charge from my hosting provider. We're up to $35 so far today.

I'm on work out of state and didn't travel with any personal gear and
Robert is also slammed. Can someone gently talk with the recipient and
ask if they can simply delete/block instead of complain.

We are open to ideas. That email is already blocked.


<snip>


_______________________________________________
Ale mailing list
Ale at ale.org<mailto:Ale at ale.org>
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo








--
Computers amplify human error
Super computers are really cool