diff options
-rw-r--r-- | Mailman/Cgi/subscribe.py | 1 | ||||
-rwxr-xr-x | Mailman/Defaults.py.in | 4 | ||||
-rw-r--r-- | NEWS | 4 |
3 files changed, 9 insertions, 0 deletions
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 795fc81b..ca218737 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -300,6 +300,7 @@ moderator's decision when they get to your request.""") results = _('You are already subscribed.') else: results = privacy_results + if privacy_results and mm_cfg.WARN_MEMBER_OF_SUBSCRIBE: # This could be a membership probe. For safety, let the user know # a probe occurred. BAW: should we inform the list moderator? listaddr = mlist.GetListEmail() diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index e5d8b3cf..fea5dcf1 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -1130,6 +1130,10 @@ ANONYMOUS_LIST_KEEP_HEADERS = ['^(?!x-)', '^x-mailman-', # request email, she has to wait PENDING_REQUEST_LIFE (default 3 days) before # she can request another. This setting also applies to repeated unsubscribes. REFUSE_SECOND_PENDING = No +# Mailbombing of a list member of a list with private rosters can occur with +# repeated subscribe attempts resulting in repeated user warnings. Set the +# following to No to supress the user warnings. +WARN_MEMBER_OF_SUBSCRIBE = Yes @@ -20,6 +20,10 @@ Here is a history of user visible changes to Mailman. - DMARC mitigation no longer misses if the domain name returned by DNS contains upper case. (LP: #1881035) + - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent + mailbombing of a member of a list with private rosters by repeated + subscribe attempts. (LP: #1883017) + 2.1.33 (07-May-2020) Security |