Hi,
My mailman3.auth_users table contains 131 rows, of which 113 of them were created in the last week. All of these users have a 10 character long random string of lowercase letters as their chosen username. Their email addresses are all over the place.
I only noticed this was happening because an unusual number of the subscription confirmation messages were bouncing back to me as postmaster, and I saw the unlikely user names.
I matched up some of the date_joined timings with logs of HTTP POST to /mailman/accounts/signup and every single one so far was a unique IP address. So I am not going to get very far with firewalling.
Does anyone have any suggestions what I can do to avoid this? Specifically what I would like to avoid is sending a confirmation email to these potentially innocent addresses.
…
Hmm, actually I've just noticed that all of them are Tor exit nodes.
Looks like I could probably autogenerate an Apache ACL that lists all Tor exit nodes and bans them from posting to /mailman/accounts/signup.
Thanks, Andy