[ale] Help!! Ale is being abused

Derek Atkins derek at ihtfp.com
Tue Jul 12 22:08:37 EDT 2022 

I know it won't break core functionality.
You could send the - request email to a person.
I think you need to deal with it in postfix.

-derek
Sent using my mobile device. Please excuse any typos.
On July 12, 2022 9:11:13 PM Robert Tweedy <robert at robert-tweedy.com> wrote:
> I feel like disabling the Mailman "-request" and "-subscribe" addresses 
> would have unintended side effects, but it's technically a possibility; 
> does anyone more familiar with GNU Mailman know if this is:
>
> 1. A bad idea/will severely break core Mailman functions (alternatively, 
> how many people will start sending in complaints that their emails to 
> "ale-request at ale.org" stopped working)?
> 2. An option that's available through Mailman's configuration files? Or 
> would I need to modify the Postfix aliases to achieve this?
>
> -Robert
>
> On 7/12/22 20:40, Derek Atkins wrote:
>> Another option is to turn off handling of email-based subscription
>> requests and require going through the web interface?
>>
>> -derek
>>
>> On Tue, July 12, 2022 8:17 pm, Robert Tweedy via Ale wrote:
>>
>>> I've gotten a basic Captcha configured now on Mailman's main sign-up
>>> pages (which is likely where the issue's coming from), so this will
>>> hopefully lessen the problem. I'm definitely open to any suggestions for
>>> improvement as well as donations of time to implement a better
>>> spam-filtering mechanism to prevent the server from responding to every
>>> incoming message it receives (ie. Mailman either needs to be smarter
>>> about what messages it replies to & what messages it just
>>> ignores/discards without a reply, or we need our spam filter to also
>>> work internally & keep Mailman from sending out spam on its own when
>>> someone/something abuses forms on the site that could generate an email).
>>>
>>> On 7/12/22 18:01, Jim Kinney via Ale wrote:
>>>
>>>> Started getting these notices/complaints today and each one is a $5
>>>> charge from my hosting provider. We're up to $35 so far today.
>>>>
>>>> I'm on work out of state and didn't travel with any personal gear and
>>>> Robert is also slammed. Can someone gently talk with the recipient and
>>>> ask if they can simply delete/block instead of complain.
>>>>
>>>> We are open to ideas. That email is already blocked.
>>>>
>>>>
>>>> <snip>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> https://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20220712/024c6c8f/attachment.htm>

More information about the Ale mailing list