Mailman subscription spam
Sandro Santilli
strk at kbt.io
Fri Jun 20 09:22:54 PDT 2025
Following trac report about subscription spam [1] and user reports about
non-arriving email we took a look and found 60490 messages in the queue,
many of which held because the recipient mail server put us on hold for
receiving too many mails (namely Gmail and Yahoo).
[1] https://trac.osgeo.org/osgeo/ticket/3385
What we found is that some bot was performing subscription requests to
ALL mailing lists from a 1378 different email addresses, for a total
of 329000 subscription requests between Jun 10 21:16:31 2025 (PDT)
and Jun 20 08:29:17 2025 (PDT), all from the same IP address (23.94.126.219)
None of those subscription requests happear to have succeeded.
I've been reviewing and dropping many of them from the queue and added
some tools to help with that in /osgeo/mailman-tools and
/osgeo/mail-tools.
Finally I've added a fail2ban based protection so that the next flood
will hopefully be blocked.
For details and tweaks please see commit f9a6cb6ac65befb1ce120e2313b74257eb3ba422
and a few earlier ones in ansible-deployment from where both the
scripts and the protection is installed.
Currently the queue still has 13554 items, I don't know if we can safely drop
all those having any of those 1378 addresses as recipient as I guess
the spammer could have used legit email addresses. If you want to help
proceeding in the cleanup and have access to the mail server machine
see ~root/spam-subscription-requests-* files and join #osgeo-sac on
libera.chat IRC (or #sac:osgeo.org Matrix) to coordinate.
Thank you.
--strk;
Libre GIS consultant/developer 🎺
https://strk.kbt.io/services.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20250620/ff22dd14/attachment.sig>
More information about the Sac
mailing list