On Mar 20, 2021, at 6:22 AM, Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> wrote:
jens.guenther@posteo.de writes:
Same question here :-)
This is not a simple question. Mailman is built from the ground up on the assumption that users sign up. Making sign-up easy and powerful is the raison d'etre of Mailman.
One obvious approach is to add "^.$" to each list's ban list (eventually that should be configurable as a list style, so "easy" to make domainwide or sitewide), but that doesn't stop people from creating users via Postorius. One way to address that would be to clean out users with no subscriptions once a week or so.
I guess you could go into the templates and remove the accounts/signup/ links everywhere if "denial by obscurity" is enough, or into urls.py and send that URL to a "Get out of here you hacker!" view. Since these interventions are global, though, so the desideratum of "no site admin intervention" is right out. Users are site-global.
Modifying urls.py to match `/accounts/signup` and redirect to a static page that says “Signups are disabled” or just event a 404 page is probably easiest to do. diff --git a/example_project/urls.py b/example_project/urls.py index 9c854989..3187756e 100644 --- a/example_project/urls.py +++ b/example_project/urls.py @@ -23,16 +23,22 @@ This file is the main URL config for a Django website including HyperKitty. from django.conf import settings from django.conf.urls import include, url from django.contrib import admin +from django.http import Http404 from django.urls import path, reverse_lazy from django.views.generic import RedirectView +def not_found(request): + raise Http404("Signups are disabled on this site.") + + urlpatterns = [ url(r'^$', RedirectView.as_view( url=reverse_lazy('hk_root'))), url(r'^hyperkitty/', include('hyperkitty.urls')), # url(r'^postorius/', include('postorius.urls')), url(r'', include('django_mailman3.urls')), + url(r'^accounts/signup', not_found), url(r'^accounts/', include('allauth.urls')), # Django admin url(r'^admin/', admin.site.urls), This did the job for me locally and will present the user with a 404 page saying the “Signups are disabled on this site”. Note it is important to put the new pattern before the “^accounts/“ pattern since the URLs are matched in the order they are defined. -- thanks, Abhilash Raj (maxking)