David Bremner writes:
As far as I can tell, people (bots? mindless corporate firewalls?) are complaining about the initial confirmation email. So I think an additional approval step won't really help.
Then you can go to approval only, or subscription by admin only. That's probably not what you want, but on the off chance it's better than the current situation I mention them.
I'm not sure what you plan to do with these messages if you get them. Do you think the content is likely to reveal anything about the problem agents that are conducting this apparent attack?
You could try adding
[logging.subscribe]
level: debugor
[logging.smtp]
level: debugto 'mailman.cfg' get more output in the logs. Note that the latter will be *very* verbose and fill up the 'smtp' log very quickly. This will not get the content of the messages.
With Mailman 2 there was a neat dodge: you move the 'mailman' executable wrapper aside and put another executable in its place. I guess you could stick an lmtp server such as Postfix's smtpd on localhost:8024, configure mailman to listen on 8025, and have the smtpd dupe it for you (ie, deliver both to a file and to localhost:8025. Maybe you want to put an instance of a filter like procmail in there so it only looks at -subscribe mailboxes.
I don't really know what to say beyond that.