From 300671a6c0181f9792cb6bdc9d03f9016d3d1327 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Thu, 9 Jan 2020 17:00:40 -0800
Subject: Implement REFUSE_SECOND_PENDING setting to prevent multiple pending
 subscribes.

---
 Mailman/Defaults.py.in | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'Mailman/Defaults.py.in')

diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index b45abf7b..277e3ab0 100755
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -1122,6 +1122,14 @@ ANONYMOUS_LIST_KEEP_HEADERS = ['^(?!x-)', '^x-mailman-',
                                '^x-ack:', '^x-beenthere:',
                                '^x-list-administrivia:', '^x-spam-',
                               ]
+#
+# It is possible to mailbomb a third party by repeatrdly posting the subscribe
+# form.  You can prevent this by setting the following to Yes which will refuse
+# pending a subscription confirmation when one is already pending.  The down
+# side to this is if a subscriber loses or doesn't receive the confirmation
+# request email, she has to wait PENDING_REQUEST_LIFE (default 3 days) before
+# she can request another.
+REFUSE_SECOND_PENDING = No
 
 
 
-- 
cgit v1.2.3