On 9/14/20 10:54 AM, Mohsen Masoudfar wrote:
> It seems anybody can go to the site https://LISTSERVNAME/mailman3/postorius/lists/, click on [Sign up] in the top-right corner, and create an account. This can easily be automated, even though the next step, confirming the email address, is ignored. I believe it can be used as a target for a DoS attack by creating so many accounts that it eventually causes an 'out of space' error.
> Is this a justified concern? Is there a way to manage this feature in a secure way?

We no longer use Django to manage our Mailman 3 user registration, but the same concerns that you have are still valid for us. What we do is run a cronjob that purges all unverified accounts once per day. So problem solved for us. Perhaps something like that can be done for Django.

--
Please let me know if you need further assistance.

Thank you for your business. We appreciate our clients.
Brian Carpenter
EMWD.com
-- EMWD's Knowledgebase: https://clientarea.emwd.com/index.php/knowledgebase
EMWD's Community Forums http://discourse.emwd.com/
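
The daily purge described in the reply above, sketched for a Django-backed Postorius as an added example that is not part of the original thread or of Mailman's code. It assumes the accounts live in Django's `auth_user` table and django-allauth's `account_emailaddress` table, uses a constructed in-memory SQLite copy of those tables, and `purge_unverified`, `demo` and the one-day grace period are hypothetical choices.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed miniature of the two tables involved. Names follow Django's
# auth_user and django-allauth's account_emailaddress (assumed deployment).
SCHEMA = """
CREATE TABLE auth_user (
    id INTEGER PRIMARY KEY, username TEXT, date_joined TEXT,
    last_login TEXT, is_staff INTEGER, is_superuser INTEGER);
CREATE TABLE account_emailaddress (
    id INTEGER PRIMARY KEY, user_id INTEGER REFERENCES auth_user(id),
    email TEXT, verified INTEGER);
"""

def purge_unverified(conn, now, grace=timedelta(days=1)):
    """Delete non-staff accounts older than `grace` with no verified address
    and no login; return the purged usernames for logging."""
    cutoff = (now - grace).isoformat()
    rows = conn.execute(
        """SELECT id, username FROM auth_user u
           WHERE u.date_joined < ? AND u.last_login IS NULL
             AND u.is_staff = 0 AND u.is_superuser = 0
             AND NOT EXISTS (SELECT 1 FROM account_emailaddress e
                             WHERE e.user_id = u.id AND e.verified = 1)
           ORDER BY u.id""", (cutoff,)).fetchall()
    ids = [(r[0],) for r in rows]
    with conn:  # one transaction: address rows first, then the users
        conn.executemany("DELETE FROM account_emailaddress WHERE user_id = ?", ids)
        conn.executemany("DELETE FROM auth_user WHERE id = ?", ids)
    return [r[1] for r in rows]

def demo():
    now = datetime(2020, 9, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock
    old = (now - timedelta(days=3)).isoformat()
    new = (now - timedelta(hours=2)).isoformat()
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO auth_user VALUES (?,?,?,?,?,?)", [
        (1, "admin", old, None, 1, 1),      # staff: kept
        (2, "alice", old, old, 0, 0),       # verified and logged in: kept
        (3, "bot-0001", old, None, 0, 0),   # stale, unverified: purged
        (4, "newcomer", new, None, 0, 0),   # inside grace period: kept
        (5, "bot-0002", old, None, 0, 0)])  # stale, no address row: purged
    conn.executemany("INSERT INTO account_emailaddress VALUES (?,?,?,?)", [
        (1, 2, "alice@example.org", 1), (2, 3, "x@example.org", 0),
        (3, 4, "new@example.org", 0)])
    purged = purge_unverified(conn, now)
    left = [r[0] for r in conn.execute("SELECT username FROM auth_user ORDER BY id")]
    return purged, left
```

On a live installation the same selection is better run through the Django ORM from a management command, so that rows in other tables that reference the user are removed with it.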