Mailing list shutting down...

classic Classic list List threaded Threaded
40 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: [fossil-users] Mailing list shutting down...

Svyatoslav Mishyn
(Wed, 13 Jun 14:59) Richard Hipp:

> Cross-posted to the fossil-users mailing list since www.fossil-scm.org
> and www.sqlite.org are the same machine and both mailing lists are
> impacted by the current problem.
>
> On 6/13/18, Luiz Américo <[hidden email]> wrote:
> > How about using https://www.discourse.org/ ?
> >
> > Open source projects can use for free
>
> Thanks for the pointer, Luiz.
>
> Discourse is moving the right direction, I think.  To install it, one
> downloads a docker container and runs it on some Linux VM someplace.
> (They recommend Digital Ocean, which is where I www3.sqlite.org is
> hosted already.)  It's a self-contained package with minimal
> dependencies that just works.  And it uses SQLite!  My kind of
> software!

Another alternative would be nimforum:
https://github.com/nim-lang/nimforum

From its description:
NimForum is a light-weight forum implementation with many similarities
to Discourse. It is implemented in the Nim programming language and uses
SQLite for its database.


Haven't tried to use it myself, just suggesting.


--
https://www.juef.space/
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Richard Hipp-3
In reply to this post by Simon Slavin-3
On 6/13/18, Simon Slavin <[hidden email]> wrote:

>
>
> On 13 Jun 2018, at 3:02pm, Simon Slavin <[hidden email]> wrote:
>
>> you might try the solution described in the lower part of
>>
>> <https://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html>
>>
>> and also the measure recommended here:
>>
>> <https://mail.python.org/pipermail/mailman-users/2015-May/079154.html>
>
> Did you get a chance to try these ?  One is a one-line fix.  The other is
> adding a few lines.  They can both be done with a text editor and the pages
> tell you which files to edit.  If I understand the problem you reported they
> would both fix it.

I did just try these.  It causes MailMan to fail with an error.
Probably the MailMan installation is messed up somehow.

I am currently looking at locating and saving off the subscriber
lists, then deleting and reinstalling MailMan and bulk subscribing
everybody....

--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Alessandro Marzocchi
In reply to this post by Richard Hipp-3
Using policyd one should be able to limit the rate at which one account
(subscribe confirmation) is able to send messages to a particular address,
or the overall number of mails sent to an address.

https://wiki.policyd.org/quotas

On Wed, Jun 13, 2018, 9:36 PM Richard Hipp <[hidden email]> wrote:

> On 6/13/18, Alessandro Marzocchi <[hidden email]> wrote:
> > Do you have control over postfix server? If so maybe adding a policy to
> the
> > account used for subscription confirmation may work. I dont have a PC
> > available at the moment but in the case i may check.
>
> I don't see how that could possibly help.  Please enlighten me if I am
> overlooking something.
> --
> D. Richard Hipp
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: [fossil-users] Mailing list shutting down...

Richard Hipp-3
In reply to this post by Svyatoslav Mishyn
On 6/13/18, Svyatoslav Mishyn <[hidden email]> wrote:
>
> Another alternative would be nimforum:
> https://github.com/nim-lang/nimforum
>

It does not appear to have email notification.  Unless I overlooked something.
--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: [fossil-users] Mailing list shutting down...

J Decker
could use Gitter ( https://gitter.in ) is nice; emails on directed messges;
retains discussion histories; integrates with various other platforms...
git in particular such a referecning issues and pull requests with just
#<number>
supports markdown formatting; which makes talking about `code fragments`
nice.

On Wed, Jun 13, 2018 at 1:22 PM Richard Hipp <[hidden email]> wrote:

> On 6/13/18, Svyatoslav Mishyn <[hidden email]> wrote:
> >
> > Another alternative would be nimforum:
> > https://github.com/nim-lang/nimforum
> >
>
> It does not appear to have email notification.  Unless I overlooked
> something.
> --
> D. Richard Hipp
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Florian Weimer
In reply to this post by Richard Hipp-3
* Richard Hipp:

> On 6/13/18, Brian Curley <[hidden email]> wrote:
>> Doesn't the Fossil site already have a Capcha interface built into it that
>> could be adopted to enforce additional authentication around subscriptions?
>
> There are no captchas built into GNU MailMan.  You enter your email
> address to subscribe and you get a confirmation email.  Click on a
> link in the confirmation email.  Then your subscription goes to
> moderation.  After the moderator approves, you are signed up.

Some largish operators use CAPTCHAs:

  <https://mail.gnome.org/mailman/listinfo/gnome-devel-list>

But wouldn't any replacement that allows email notification have
exactly the same signup issue?  Sure, you might only have one pending
signup request per email instead per list, but if the bots are
actually targeting innocent users, for most recipients, they can just
use multiple aliases of the form <[hidden email]>,
<[hidden email]>, and so on.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Richard Hipp-3
On 6/13/18, Florian Weimer <[hidden email]> wrote:
> if the bots are
> actually targeting innocent users, for most recipients, they can just
> use multiple aliases of the form <[hidden email]>,
> <[hidden email]>, and so on.

I have a accumulated a good assortment of robot counter-measures over
the years, a few of which are outlined here:
https://www.fossil-scm.org/fossil/doc/trunk/www/antibot.wiki

The key thing is that MailMan is opaque (to me).  I cannot add these
defenses to MailMan.

--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Gary R. Schmidt
In reply to this post by Gary R. Schmidt
On 14/06/2018 03:37, John Long wrote:

> On Wed, 2018-06-13 at 21:42 +1000, Gary R. Schmidt wrote:
>>
>>
>> This is an increasing problem, and has been discussed on the Mailman
>> mailing list recently, you should join them and see what mitigation
>> strategies are available.
>
> Well I'm sure he would like to, but subscriptions have probably been
> suspended because of the attacks ;)
>
They haven't shut down access to the mailman lists, why would they do that?

If you're trying to be funny, don't give up your day job!

        Cheers,
                Gary B-)

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Gary R. Schmidt
In reply to this post by Gary R. Schmidt
On 13/06/2018 21:42, Gary R. Schmidt wrote:

> On 13/06/2018 21:22, Richard Hipp wrote:
>> Unfortunately, I'm going to need to shut down this mailing list due to
>> robot harassment.  I am working to come up with a fix or an
>> alternative now.  Your suggestions are welcomed.
>>
>> This mailing list has operated for many years using GNU MailMan.
>> Unfortunately, that software is not able to cope with modern robot
>> spammers, even with the latest updates.  And the source code for
>> MailMan is sufficiently opaque that I am unable to work on it.
>>
>> The most recent problem is that robots are visiting the subscription
>> page and entering innocent user's email addresses and names.  This
>> causes a confirmation email to be sent to that user.  If it were just
>> single confirmation email that the user could ignore, that would be
>> fine.  But apparently MailMan sends one email for each subscription
>> request.  The robots have figured this out and are putting in hundreds
>> of subscription requests for the same individual, apparently to harass
>> them.
>>
>> I have already suspended new subscriptions.  Existing subscribers will
>> be able to continue using this list until I come up with a replacement
>> (or a fix to the current problem) but no new subscribers will be
>> accepted.
>>
> This is an increasing problem, and has been discussed on the Mailman
> mailing list recently, you should join them and see what mitigation
> strategies are available.
>
One is here: https://github.com/noabospam/abospam

        Cheers,
                Gary B-)


_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Jeffrey Schiller
Would limiting subscription requests to one per day help. I'm familiar with
the Mailman code, having modified it for use at MIT, and can code the
necessary changes. I suspect only one file would need to be changed.

-Jeff

On Wed, Jun 13, 2018 at 6:16 PM Gary R. Schmidt <[hidden email]> wrote:

> On 13/06/2018 21:42, Gary R. Schmidt wrote:
> > On 13/06/2018 21:22, Richard Hipp wrote:
> >> Unfortunately, I'm going to need to shut down this mailing list due to
> >> robot harassment.  I am working to come up with a fix or an
> >> alternative now.  Your suggestions are welcomed.
> >>
> >> This mailing list has operated for many years using GNU MailMan.
> >> Unfortunately, that software is not able to cope with modern robot
> >> spammers, even with the latest updates.  And the source code for
> >> MailMan is sufficiently opaque that I am unable to work on it.
> >>
> >> The most recent problem is that robots are visiting the subscription
> >> page and entering innocent user's email addresses and names.  This
> >> causes a confirmation email to be sent to that user.  If it were just
> >> single confirmation email that the user could ignore, that would be
> >> fine.  But apparently MailMan sends one email for each subscription
> >> request.  The robots have figured this out and are putting in hundreds
> >> of subscription requests for the same individual, apparently to harass
> >> them.
> >>
> >> I have already suspended new subscriptions.  Existing subscribers will
> >> be able to continue using this list until I come up with a replacement
> >> (or a fix to the current problem) but no new subscribers will be
> >> accepted.
> >>
> > This is an increasing problem, and has been discussed on the Mailman
> > mailing list recently, you should join them and see what mitigation
> > strategies are available.
> >
> One is here: https://github.com/noabospam/abospam
>
>         Cheers,
>                 Gary    B-)
>
>
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Bob Friesenhahn
On Wed, 13 Jun 2018, Jeffrey Schiller wrote:

> Would limiting subscription requests to one per day help. I'm familiar with
> the Mailman code, having modified it for use at MIT, and can code the
> necessary changes. I suspect only one file would need to be changed.

The problem is knowing what "one" means.  The subscription request is
likely submitted via http/https into the web form and using a bogus
email subscription address (of the "victim").  A botnet is able to
submit these requests from hundreds of IP addresses.

If mailman supports subscription requests via SMTP email (I don't
remember that it does), then the problem is worse.

If only one new subscription is allowed on the list per day, then
there is a trivial DOS (no new valid subscriptions are possible) as
soon as the one daily subscription has been consumed.

Bob
--
Bob Friesenhahn
[hidden email], http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Simon Slavin-3
13 Jun 2018, at 11:52pm, Bob Friesenhahn <[hidden email]> wrote:

> The problem is knowing what "one" means.  The subscription request is likely submitted via http/https into the web form and using a bogus email subscription address (of the "victim").  A botnet is able to submit these requests from hundreds of IP addresses.

First you accept only one request per IP address for every twentyfour hours.  You might as well just wipe your address list at midnight rather than do the tricky programming to implement a rolling 12 hour window.

Second you have the form page generate a random number every time it shows the form.  The submission has to include the number sent to that IP address, and it has to be done at least five seconds after the number was generated.  This ties up that bot (though not the whole botnet) for five seconds.  One assumes that humans take more than 5 seconds to type their password twice and hit 'submit' so they won't even notice the difference.  People who copy-and-paste their email address into the 'verify' field deserve what they get.

Third you accept only one request per email address per week.

The second of the above defeats a lot of bots.  They submit the request without ever downloading the form in the first place.

For all the above you need two tables of data and some python programming.  Unfortunately I don't know Python.

Simon.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

J Decker
On Wed, Jun 13, 2018 at 5:17 PM Simon Slavin <[hidden email]> wrote:

> 13 Jun 2018, at 11:52pm, Bob Friesenhahn <[hidden email]>
> wrote:
>
> > The problem is knowing what "one" means.  The subscription request is
> likely submitted via http/https into the web form and using a bogus email
> subscription address (of the "victim").  A botnet is able to submit these
> requests from hundreds of IP addresses.
>
>
And Hooray for TOR
https://www.dan.me.uk/tornodes


> First you accept only one request per IP address for every twentyfour
> hours.  You might as well just wipe your address list at midnight rather
> than do the tricky programming to implement a rolling 12 hour window.
>
> Second you have the form page generate a random number every time it shows
> the form.  The submission has to include the number sent to that IP
> address, and it has to be done at least five seconds after the number was
> generated.  This ties up that bot (though not the whole botnet) for five
> seconds.  One assumes that humans take more than 5 seconds to type their
> password twice and hit 'submit' so they won't even notice the difference.
> People who copy-and-paste their email address into the 'verify' field
> deserve what they get.
>
> Third you accept only one request per email address per week.
>
> The second of the above defeats a lot of bots.  They submit the request
> without ever downloading the form in the first place.
>
> For all the above you need two tables of data and some python
> programming.  Unfortunately I don't know Python.
>
> Simon.
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Richard Damon
In reply to this post by Bob Friesenhahn
On 6/13/18 6:52 PM, Bob Friesenhahn wrote:

> On Wed, 13 Jun 2018, Jeffrey Schiller wrote:
>
>> Would limiting subscription requests to one per day help. I'm
>> familiar with
>> the Mailman code, having modified it for use at MIT, and can code the
>> necessary changes. I suspect only one file would need to be changed.
>
> The problem is knowing what "one" means.  The subscription request is
> likely submitted via http/https into the web form and using a bogus
> email subscription address (of the "victim").  A botnet is able to
> submit these requests from hundreds of IP addresses.
>
> If mailman supports subscription requests via SMTP email (I don't
> remember that it does), then the problem is worse.
>
> If only one new subscription is allowed on the list per day, then
> there is a trivial DOS (no new valid subscriptions are possible) as
> soon as the one daily subscription has been consumed.
>
> Bob

Mailman does allow for email subscriptions, which has the same risks of
spoofing.

Where One Subscription limits could help is that it should be possible
for Mailman to allow there to be only one pending subscription for a
given email address (and these by default expire after 3 days), so if
the botnet is spamming the subscription address, the victim gets just
one email every 3 days.

It should also be possible to log these IP addresses and excessive
requests could trigger fail2ban to block that IP address for a while.

--
Richard Damon

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

George
In reply to this post by Richard Hipp-3
On Wed, 13 Jun 2018 07:22:20 -0400
Richard Hipp <[hidden email]> wrote:

> Unfortunately, I'm going to need to shut down this mailing list due to
> robot harassment.  I am working to come up with a fix or an
> alternative now.  Your suggestions are welcomed.
>
> This mailing list has operated for many years using GNU MailMan.
> Unfortunately, that software is not able to cope with modern robot
> spammers, even with the latest updates.  And the source code for
> MailMan is sufficiently opaque that I am unable to work on it.
>
> The most recent problem is that robots are visiting the subscription
> page and entering innocent user's email addresses and names.  This
> causes a confirmation email to be sent to that user.  If it were just
> single confirmation email that the user could ignore, that would be
> fine.  But apparently MailMan sends one email for each subscription
> request.  The robots have figured this out and are putting in hundreds
> of subscription requests for the same individual, apparently to harass
> them.
>
> I have already suspended new subscriptions.  Existing subscribers will
> be able to continue using this list until I come up with a replacement
> (or a fix to the current problem) but no new subscribers will be
> accepted.
>

Hello,

Sounds like a nasty problem, sorry to hear.

The usual algorithm and way of dealing with this is to throttle the
nasty one's while degrading slightly the service for legitimate
subscribers. I have in mind spamd from OpenBSD when I am giving this
example here. Sounds like the code of MailMan is difficult to change is
this the repo:

https://savannah.gnu.org/cvs/?group=mailman

How many pieces of the infrastructure are under your control? What is
the pattern of undesired activity. If you can log the request for
registration and pick out the addresses you can block further emails
from being send, put a max etc.. If you control a firewall the only way
to really control stuff you can block throttle the access for the
offending IP's or networks while the problem appears.

Such things are best dealt with initially by collecting data and
modifying the middle layer control algorithm or its meta data until you
have a good average. I am not someone who deals with this problem on a
daily basis so please take this with a grain of salt.

I think the issue here is that mailman talks to your mail server and
then it is actually you sending the emails to the victims. Depending on
the mail server you may be able to limit the requests, block them
completely or parse or classify them as spam. The best solution if you
are not able to modify mailman and don't wish to mess with mail servers
is to write a capture service that speaks only the basics of the mail
protocol and can count the number of to headers with the same address
per second, minute whatever and only after that validation forward it to
the legitimate mail sending server. There must be a place where you
configure your mail server in mailman just plop your capture
service there and the mail server can be configured or will not care if
the mail takes another hop before arriving at 25.

There are certainly thousand ways to do this but since you're running
MailMan I assume you wish a clean and simple solution ... heck look at
SQLite ... so I think the capture one might be the best no matter what
the mailman like package and mail server. You are in control ultimately.

HTH,
Regards,
George

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Vincenzo Campanella
In reply to this post by Olivier Mascia
Il 13.06.2018 15:28, Olivier Mascia ha scritto:

>> Le 13 juin 2018 à 13:22, Richard Hipp <[hidden email]> a écrit :
>>
>> Unfortunately, I'm going to need to shut down this mailing list due to
>> robot harassment.
>> ...
>> I have already suspended new subscriptions.  Existing subscribers will
>> be able to continue using this list until I come up with a replacement
>> (or a fix to the current problem) but no new subscribers will be
>> accepted.
> I don't have experience with GNU MailMan, but isn't there some facility to protect the subscription request page using some Googlesque "I'm not a Robot!" CAPTCHA, or anything like if GNU MailMan does not want to offer people to have whatever business with Google for any reason?
>
> This, plus a black-listing mechanism which would warn admins (once!) when the same non-member subscription request has happened let's say twice, without user confirmation, and simply denies new requests for that same email until admins either validate the subscription or reset it.
>
> Might complicate the work of robots enough to render the game uninteresting.
>
> That's a personal preference, but I value mailing lists and appreciate much less web-based forums.
WxWidgets (a library for writing GUI with C++ or Python) uses
googlegroups.com, that then works exactly as a mailing list (their mail
address is [hidden email]); perhaps this can give you an
alternative idea...
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Ian Zimmerman-2
On 2018-06-14 17:17, Vincenzo Campanella wrote:

> uses googlegroups.com, that then works exactly as a mailing list
> (their mail address is [hidden email]); perhaps this can
> give you an alternative idea...

It works fine as a mailing list _if_ most (better: all) posters use
it as such.  When you get large number of posts from the Web interface
it gets ugly, with broken threads and such all over.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Jeffrey Schiller
In reply to this post by Richard Hipp-3
The latest version of Mailman does implement a Captcha (via reCaptcha).
Also, if you set mm_cfg.SUBSCRIBE_FORM_SECRET to a secret value, Mailman
will insist that the subscription form be submitted after a slight delay,
which defaults to 5 seconds. This features exists in the version currently
used by the mailing list (2.1.20).

I have downloaded the source code (version 2.1.20) and am looking into
adding code to limit the rate of subscriptions for a given e-mail address
to a configurable value. Something like 1 to 2 days should do the trick.

-Jeff

On Wed, Jun 13, 2018 at 12:15 PM Richard Hipp <[hidden email]> wrote:

> On 6/13/18, Brian Curley <[hidden email]> wrote:
> > Doesn't the Fossil site already have a Capcha interface built into it
> that
> > could be adopted to enforce additional authentication around
> subscriptions?
>
> There are no captchas built into GNU MailMan.  You enter your email
> address to subscribe and you get a confirmation email.  Click on a
> link in the confirmation email.  Then your subscription goes to
> moderation.  After the moderator approves, you are signed up.
>
> The above system works fine to keep nefarious actors out of the subscriber
> list.
>
> But that is not the problem.  The problem is that the bad guys don't
> care about getting onto the subscriber list.  They just want to
> generate as many bogus confirmation emails as they can, to harass the
> people who are receiving the confirmation emails.
>
> The obvious solution in GNU Mailman would be to only allow a single
> confirmation email to go out per email address.  After that one email,
> the corresponding email address is never allowed to sign up again.
>
> This simple fix is complicated by several factors:
>
> (1) Nobody seems to want to own the GNU MailMan software.  It is not
> well maintained as far as I can see.
>
> (2) MailMan does not seem to use a database other than the filesystem
> and perhaps Python Pickle files, at least not that I have found, so
> recording extra information such as who has previously requested a
> subscription involves major structural changes to the code.
>
> (3) MailMan itself seems to be a collection of scripts that must be
> all installed in multiple well-known directories.  It is difficult to
> identify what files are part of the MailMan implementation and what
> files are not, making maintenance error-prone for people (like me) who
> are unfamiliar with where to find all the pieces.
>
> (4) There is a GNU MailMan mailing list, but in my past interactions,
> there was nobody there who was willing to help with spam problems.
> --
> D. Richard Hipp
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Jeffrey Schiller
In reply to this post by Richard Hipp-3
I am so offering...

-Jeff

On Wed, Jun 13, 2018 at 12:42 PM Richard Hipp <[hidden email]> wrote:

> On 6/13/18, Michael Tiernan <[hidden email]> wrote:
> > May I respectfully suggest to everyone that offering solutions, while
> > valuable and helpful, may not be as valuable as the offer of assistance
> > to our listmaster.
>
> +1  :-)
>
> --
> D. Richard Hipp
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Mailing list shutting down...

Jeffrey Schiller
Check out:

   http://c.qyv.net/mailmansrc/info/a6250b7ba075294c

This is a patch to mailman version 2.1.20 (the version deployed on
sqlite.org). It adds a three day waiting period between subscription
attempts. When applying this patch also be sure to edit Defaults.py (which
is generated at installation time from Defaults.py.in) to include the new
variable for controlling the subscription window.

You may also want to set SUBSCRIBE_FORM_SECRET to a secret string. This
will enable verification that a submitted form is both from the site and
filled out after 5 seconds (to thwart bots).

Enjoy.

-Jeff

On Thu, Jun 14, 2018 at 11:02 PM Jeffrey Schiller <
[hidden email]> wrote:

> I am so offering...
>
> -Jeff
>
>
> On Wed, Jun 13, 2018 at 12:42 PM Richard Hipp <[hidden email]> wrote:
>
>> On 6/13/18, Michael Tiernan <[hidden email]> wrote:
>> > May I respectfully suggest to everyone that offering solutions, while
>> > valuable and helpful, may not be as valuable as the offer of assistance
>> > to our listmaster.
>>
>> +1  :-)
>>
>> --
>> D. Richard Hipp
>> [hidden email]
>> _______________________________________________
>> sqlite-users mailing list
>> [hidden email]
>> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>>
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
12