Mailman Subscription Spam

26 Aug 2015 - python

In the last few weeks, a few of us running mailman have been noticing attacks using our servers. Most often we end up being used as relays to send subscription spam to the servers. They pick one address and use multiple aliases of the address to send spam to. I won’t get into the details of the attack, but here’s a script that I came up with and is now modified to be friendly thanks to OpenStack Infra Team.

Create the file /usr/lib/mailman/bin/ban.py with this content:

def ban(m, address):
    try:
        m.Lock()
        if address not in m.ban_list:
            m.ban_list.append(address)
        m.Save()
    finally:
        m.Unlock()

Now run this script like this

sudo /usr/lib/mailman/bin/withlist -a -r ban "<address to ban>"

The ban address can be a regular expressions, so to ban an address and all suffixes, use ^address.*@example.com as the address to ban.

All Posts ⇉

Comments

blog comments powered by Disqus