I've got a couple things I need help with: The Symptom and The Problem.
The Symptom:
Postorius has gotten quite slow to load, taking more than 30s to load the Subscription Requests tab. Having zero pending subscription requests (I'm on v1.2.5), I started investigating unconfirmed subscriptions.
I followed the commands from here1 and got this:
mailman shell -l your.list.id
util = getUtility(IPendings)
print(len(list(util.find(mlist=m,pend_type='subscription'))))
1816Wow, 1816 pending subscription requests. I can say for certain that my list is not popular so these requests must have been submitted by bots. Let's get there in The Problem.
How can I "purge" this list? I'm willing to assume that none of these requests are valid and would reject all unconfirmed user requests.
The Problem:
How might this activity be happening? Running
cat /opt/mailman/core/var/logs/mailman.log | grep POSTreturns a lot of 202 and 409 responses for POST /3.1/members.
Could it be that these requests are being submitted through Postorius? I'd assume there would be some sort of honeypot input to prevent abuse. I'll continue investigating and follow up with any insight I can on the cause of The Problem.
Thanks, Nick