Opened 7 days ago

Last modified 4 days ago

#13792 assigned Task/To do item

Please lift rate limit on mailman signup addresses

Reported by: https://id.mayfirst.org/democorg
Owned by: https://id.mayfirst.org/jaimev
Priority: Medium
Component: Tech
Keywords:
Cc:
Sensitive: no

Description

Hi, we have a pair of mailman addresses that are subject to a 4-message limit each 8 hours; we would like this limit lifted as there are cases in which we may expect more than 4 signups in that time frame.

Can we get the limit changed to 50 or 100 in that time period please? Thanks.

Change History (7)

comment:1 Changed 7 days ago by https://id.mayfirst.org/democorg

relevant addresses

Demup-request@… Demup-es-request@…

comment:2 Changed 7 days ago by https://id.mayfirst.org/jamie

  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

comment:3 Changed 6 days ago by https://id.mayfirst.org/jaimev

Hi, very sorry about this. We've only recently had to put those rules into place to defend against a series of attacks on our mailman service. I can customize the rules to make an exception for your site; however, I am pretty sure that we will immediately see abuse of e-mail request commands to your list again, as these attacks were globally attacking all lists on our mailman server. I need a little time to think about any possible alternatives. For example, if we created an alternative address that is unique for your use, that would allow you to circumvent the rate limiting.

comment:4 Changed 6 days ago by https://id.mayfirst.org/democracdu

Thanks for your note. This is good information to know. We recently started getting a lot of spam on the e-mail sign-up form on my web sites. We were trying to implement solutions on our end, at the site level, but the 4-message limit was making it impossible to test anything.

Based on the info you've provided, I would assume that the spam we are getting is a result of the global attacks on the mailman server, and that they don't have anything to do with the code on our specific site.

Right now I am getting 4 spam sign-up requests every 8 hours on my lists. In other words, the spammers are very quickly using up the limit, and hence rendering my mailing list sign-up mechanism inoperable.

Please let me know what you come up with and/or how I should monitor this issue. Also, please let me know if we should do anything at the site level. Obviously this is a big concern and I'd like to get it resolved as soon as possible, so that folks will be able to sign up on the list as normal.

Thanks.

comment:5 Changed 6 days ago by https://id.mayfirst.org/jaimev

I know this isn't ideal but as a temporary workaround you might try disabling the sign-ups from your website and redirecting people to the lists.mayfirst.org web interface for mailman sign-ups.

comment:6 Changed 4 days ago by https://id.mayfirst.org/democracdu

Could you let me know if there's any further progress on this? My lists are definitely being subject to the spam attack, and I am getting 4 requests on each every 8 hours. So it is disabling the legitimate function of the list sign-up.

Please let me know, and thank you for your efforts.

comment:7 Changed 4 days ago by https://id.mayfirst.org/jamie

Unfortunately, our best suggestion at this point is the one suggested by Jaime in the comment above: replace your email form on your web site with a link to this page: https://lists.mayfirst.org/mailman/listinfo/demup and this one: https://lists.mayfirst.org/mailman/listinfo/demup-es - those pages are also under attack, but since they are web pages, we can rate limit by IP address submitting the form and thus only block the abusers.
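
The difference between the two limits discussed in this ticket, a shared budget per list address versus a budget per submitting IP address, shown as an added example that is not part of the ticket or of May First's configuration. The 4-per-8-hours figures come from the ticket; the limiter class, the traffic, the IP addresses and the list address are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 8 * 3600  # 8-hour window from the ticket, in seconds
LIMIT = 4          # 4-message limit from the ticket


class SlidingWindowLimiter:
    """Accept at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.accepted = defaultdict(deque)  # key -> timestamps of accepted events

    def allow(self, key, now):
        q = self.accepted[key]
        while q and now - q[0] >= self.window:  # expire events older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay(requests, key_of):
    """Replay requests through one limiter keyed by key_of(ip, address).

    Returns (legit_accepted, legit_rejected, abuse_accepted).
    """
    limiter = SlidingWindowLimiter()
    legit_ok = legit_denied = abuse_ok = 0
    for t, ip, address, is_abuse in sorted(requests):
        ok = limiter.allow(key_of(ip, address), t)
        if is_abuse:
            abuse_ok += ok
        elif ok:
            legit_ok += 1
        else:
            legit_denied += 1
    return legit_ok, legit_denied, abuse_ok


# Constructed traffic over 16 hours (documentation-range IPs, placeholder address):
# one abusive source every 10 minutes, plus six real signups from distinct IPs.
ADDRESS = "list-request@lists.example.org"
REQUESTS = [(t, "203.0.113.5", ADDRESS, True) for t in range(0, 16 * 3600, 600)]
REQUESTS += [(h * 3600 + 300, f"198.51.100.{h}", ADDRESS, False) for h in (1, 3, 5, 9, 11, 13)]

if __name__ == "__main__":
    print("keyed by address:", replay(REQUESTS, lambda ip, address: address))
    print("keyed by source IP:", replay(REQUESTS, lambda ip, address: ip))
```

Keyed by address, the abusive source takes all four slots in each window and every real signup is rejected; keyed by source IP, all six real signups pass while the abusive source is still held to four per window.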
