On 06/08/19 at 12:13, Nick W <mail@nickwynja.com> wrote:
Could it be that these requests are being submitted through Postorius? I'd assume there would be some sort of honeypot input to prevent abuse. I'll continue investigating and follow up with any insight I can on the cause of The Problem.
Some follow-up here:
cat /var/log/nginx/access.log | grep "POST /postorius/lists/mylist.exmple.com/"
shows only a recent manual attempt I made to subscribe but not much else, which leads me to believe these requests aren't coming through Postorius.
Now the more embarrassing part. The likely culprit is my stupidity.
In an attempt to have subscription forms embedded on my static websites, I created this Flask app to handle POSTs and subscribe people to the specified lists.
https://github.com/nickwynja/fmmss/
I included a menial honeypot feature to handle spam requests, which I thought was working. It must not be, but it appeared like it was, likely because I made the honeypot for my app at the same time I changed the subscription policy to 'confirm' and upgraded from Postorius 1.2.3 (when pending user subscriptions were no longer shown).
Seems like I have some homework to do to prevent spam subscriptions through my app.
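
A server-side honeypot check of the kind discussed in the message above, as an added example that is not part of the original post and not code from the fmmss repository. It rejects a submission when the hidden field is missing or filled, and pairs the honeypot with a signed timestamp so that a form posted too quickly, or without a token issued by the app, is refused before any subscribe call is made. The field names, the secret, the thresholds, and the assumption that the static page fetches the token from the app when it loads are all hypothetical.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: field names, the secret and the thresholds
# are hypothetical and do not come from the fmmss repository.
SECRET = b"replace-with-a-random-server-side-secret"
HONEYPOT_FIELD = "website"   # hidden via CSS; humans leave it empty
MIN_FILL_SECONDS = 3         # forms submitted faster are treated as bots
MAX_TOKEN_AGE = 3600         # reject stale or replayed form tokens


def issue_token(now=None):
    """Return 'timestamp:signature' to embed in a hidden form field."""
    ts = str(int(time.time() if now is None else now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{sig}"


def check_submission(form, now=None):
    """Return (accepted, reason). Fails closed on anything unexpected."""
    now = time.time() if now is None else now
    # A missing honeypot key means the client did not post our form at all.
    if HONEYPOT_FIELD not in form:
        return False, "honeypot field missing"
    if form[HONEYPOT_FIELD].strip():
        return False, "honeypot filled"
    ts, _, sig = form.get("token", "").partition(":")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdigit() or not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad token"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_TOKEN_AGE:
        return False, "token expired"
    if "@" not in form.get("email", ""):
        return False, "invalid email"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample submissions.
    token = issue_token(now=1000)
    human = {"email": "a@example.org", "website": "", "token": token}
    bot = {"email": "b@example.org", "website": "http://spam", "token": token}
    print(check_submission(human, now=1010))
    print(check_submission(bot, now=1010))
```

Logging the returned reason for each rejected request makes it possible to confirm from the app's own logs that the honeypot is firing, rather than inferring it from the absence of pending subscriptions.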