Opened 2 months ago

Last modified 5 weeks ago

#13784 assigned Bug/Something is broken

Attacks on mailman instance

Reported by: Owned by:
Priority: High Component: Tech
Keywords: mailman Cc:
Sensitive: no


It looks like has been receiving the kind of automated attacks on mailman we've been seeing on our other mailman instances. The mailq on roe is full of backscatter mail that couldn't be delivered and your list admins may be getting a ton of false subscription requests. The attacks are a combination of web-based false subscriptions and direct e-mail commands to mailman. We've put a lot of work into mitigating both of these on our standard mailman servers. See ticket #11675.

I'd like to propose that we migrate your existing lists to our main mailman server so that you can take direct advantage of our ongoing efforts to mitigate these attacks. You will still be able to use your domain for sending and receiving mail. Only accessing the web interface would redirect you to to manage your lists

In the meantime we could also put behind our web-based proxy to limit the web-based attacks and add the postfwd rules we've implemented on our main mailman server to roe; however, it would be easier to keep those efforts synchronized if we migrate your lists to the main server.

Please let us know if you are ok with either of the above steps.

Change History (4)

comment:1 Changed 8 weeks ago by

Hi, we haven't received any feedback about this.

comment:2 Changed 7 weeks ago by

Sorry for the delay. I am fine with moving to the MF mailman server. Just so I can let my staff know, will there be any differences in the interface or managing subscriptions, aside from being redirected to

comment:3 Changed 5 weeks ago by

We just got a notification that 27 email addresses were unsubscribed from our funds listserv. Might that be because of the mailman migration?

comment:4 Changed 5 weeks ago by

  • Owner set to
  • Status changed from new to assigned

No. We haven't initiated that transfer. Have the e-mails been successfully unsubscribed or were they sent confirmation requests? This may be a result of the attacks I described above. Sorry, I had not seen your update to this ticket giving us the go-ahead to transfer the list.
