Hi,
I have noticed recently I have around 2000 bogus sign-ups that have created accounts in Django. Looking through the logs these have come from the Postorius sign-up pages. I checked and email confirmation is required before the accounts are created and the email addresses that have been used do seem like they could respond to these requests.
I don't want to add captchas to the form right now but is there any way to clean out these users from the database perhaps periodically based on whether the accounts are subscribed to any list?
Thanks. Andrew.
On 1/1/21 7:41 PM, Andrew Hodgson wrote:
I have noticed recently I have around 2000 bogus sign-ups that have created accounts in Django. Looking through the logs these have come from the Postorius sign-up pages. I checked and email confirmation is required before the accounts are created and the email addresses that have been used do seem like they could respond to these requests.
I don't want to add captchas to the form right now but is there any way to clean out these users from the database perhaps periodically based on whether the accounts are subscribed to any list?
I can't help with this but I want to say a bogus sign up will usually have a first/last name filled with randomly generated upper/lowercase letters eg. HiedfURW FHIUEYde. That was what we saw. I also implemented a server wide block against Russia and that cut bogus signups by 75%!
What we did with our Affinity system is to auto-remove all unverified user accounts after 36 hours. You can perhaps put in a feature request for something similar with Postorius/Django on their Gitlab page.
-- Brian Carpenter Harmonylists.com Emwd.com
On 1/1/21 4:41 PM, Andrew Hodgson wrote:
I don't want to add captchas to the form right now but is there any way to clean out these users from the database perhaps periodically based on whether the accounts are subscribed to any list?
I have attached a script that will delete users from Django's user database (the auth_user table) if there is no Mailman user with the Django user's email address or if there is a Mailman user but it's not a member, nonmember, owner or moderator of any lists.
The setting DELETE_MAILMAN_USER controls whether it will also delete the corresponding Mailman user that's not a member, nonmember, owner or moderator of any lists. If set to True, it will.
The script has a few installation specific paths that may need adjustment. Also, if Mailman is installed in a virtualenv, the script needs to be run by the python in that virtualenv so that the imports all work (as with the shebang in the script).
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
On 1/1/21 4:41 PM, Andrew Hodgson wrote:
I don't want to add captchas to the form right now but is there any way to clean out these users from the database perhaps periodically based on whether the accounts are subscribed to any list?
I have attached a script that will delete users from Django's user database (the auth_user table) if there is no Mailman user with the Django user's email address or if there is a Mailman user but it's not a member, nonmember, owner or moderator of any lists.
Thanks for this.
The setting DELETE_MAILMAN_USER controls whether it will also delete the corresponding Mailman user that's not a member, nonmember, owner or moderator of any lists. If set to True, it will.
I did set this to true. The majority of users existed only in Django but around 20 existed in Mailman as well and looked like old addresses.
Thanks again. Andrew.
Hello,
i did try the script and unfortunately there is a problem. The script is deleting django-users are not member,nonmember ... of any lists.But thats not the point. Its ok if a user want to be only a django-user to see the archives and work with them.
The script should delete django-users who dont confirm your email address.
We talk about fake users are created by a bot programm, that means this users never confirm your email address. If a user want to be a django-user only and is confirming her email address it is fine, no problem but this users are deleted too.
Is there a way, only to delete django-users who are not confirming your email address ?
Roberto
On 2/8/21 1:22 AM, r.woithe@callassoftware.com wrote:
Hello,
i did try the script and unfortunately there is a problem. The script is deleting django-users are not member,nonmember ... of any lists.But thats not the point. Its ok if a user want to be only a django-user to see the archives and work with them.
If a user sign's up for an account at /accounts/signup/ and then confirms her address, she will then be a Mailman user with a user and an address record even though not a member of any lists.
The script should delete django-users who dont confirm your email address.
Change one line in the script from
if mm_user is None or len(list(mm_user.memberships.members)) == 0:
to
if mm_user is None:
And it will do what you want.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hello, i have changed the line like described above, the result is not as it should, but its fine u dont need to give further assistance i will use the original script and the one user comfirmed his email is out .... roberto
Hi.
Has anyone managed to get this script running using the Mailman-Web setup in a venv? It was working when Settings.py was in the /opt/mailman/mm directory but since moving to Mailman-Web has it in /etc/mailman3. I have been trying to import Mailman-Web to get the Django environment running but every time I do this I get a not configured exception raised.
Thanks. Andrew.
Which script? I think it should run easily as long as it relies on mailman-web. I run mailman-web with several arguments from a single bash script in my several MM3 setups.
On Sat, Apr 1, 2023, 00:18 Andrew Hodgson <andrew@hodgson.io> wrote:
Hi.
Has anyone managed to get this script running using the Mailman-Web setup in a venv? It was working when Settings.py was in the /opt/mailman/mm directory but since moving to Mailman-Web has it in /etc/mailman3. I have been trying to import Mailman-Web to get the Django environment running but every time I do this I get a not configured exception raised.
Thanks. Andrew.
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to odhiambo@gmail.com
On 3/31/23 14:17, Andrew Hodgson wrote:
Hi.
Has anyone managed to get this script running using the Mailman-Web setup in a venv? It was working when Settings.py was in the /opt/mailman/mm directory but since moving to Mailman-Web has it in /etc/mailman3. I have been trying to import Mailman-Web to get the Django environment running but every time I do this I get a not configured exception raised.
First, get the latest version of the script from https://www.msapiro.net/scripts/clean_users.py - not the one in this threat attached to https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/... Then, you need to change `/opt/mailman/mm` in three places to `/etc/mailman3` as in ``` --- /opt/mailman/mm/bin/clean_users.py 2021-05-08 20:03:31.657565251 -0700 +++ clean_users.py 2023-03-31 15:48:31.772383287 -0700 @@ -2,13 +2,13 @@ import os import sys -sys.path.insert(0, '/opt/mailman/mm') +sys.path.insert(0, '/etc/mailman3') # The above line is required. The next line doesn't hurt, but it doesn't work # because the PYTHONPATH environment setting is processed by Python's setup # and must be in the environment when Python starts to be effective. -os.environ['PYTHONPATH'] = '/opt/mailman/mm' +os.environ['PYTHONPATH'] = '/etc/mailman3' os.environ['DJANGO_SETTINGS_MODULE'] = 'settings' -os.environ['MAILMAN_CONFIG_FILE'] = '/opt/mailman/mm/mailman.cfg' +os.environ['MAILMAN_CONFIG_FILE'] = '/etc/mailman3/mailman.cfg' import django django.setup() ``` Also, look at this ``` # If we delete the Django user and there is a Mailman user with no memberships # shall we delete the Mailman user too. DELETE_MAILMAN_USER = False # Shall we delete the Django user if there is a Mailman user with no # memberships or only if there is no Mailman user. DELETE_DJANGO_IF_MAILMAN = True ``` and consider whether you want to set `DELETE_MAILMAN_USER = True` to also delete the Mailman user if any, and/or set `DELETE_DJANGO_IF_MAILMAN = False` to not delete the django user if there is a Mailman user with no memberships. -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 3/31/23 15:58, Mark Sapiro wrote:
First, get the latest version of the script from https://www.msapiro.net/scripts/clean_users.py - not the one in this threat attached to https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
Then, you need to change
/opt/mailman/mmin three places to/etc/mailman3as in
I just changed that script. It now has a setting
CFG_PATH = '/opt/mailman/mm'
which you can change to
CFG_PATH = '/etc/mailman3'
to accomplish the above.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro <mark@msapiro.net> wrote:
First, get the latest version of the script from https://www.msapiro.net/scripts/clean_users.py - not the one in this threat attached to https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/me ssage/YH676B67U24VXXNX2UMJYNVSFEAKAHYG/
Thanks for the updated script it works a charm. Andrew.
Mark, Will this be part of an upcoming update or micro update to Mailman? Yours, Allan Hansen P.O. Box 2423 Cypress, CA 90630
On Mar 31, 2023, at 15:49, Mark Sapiro <mark@msapiro.net> wrote:
On 3/31/23 14:17, Andrew Hodgson wrote:
Hi. Has anyone managed to get this script running using the Mailman-Web setup in a venv? It was working when Settings.py was in the /opt/mailman/mm directory but since moving to Mailman-Web has it in /etc/mailman3. I have been trying to import Mailman-Web to get the Django environment running but every time I do this I get a not configured exception raised.
First, get the latest version of the script from https://www.msapiro.net/scripts/clean_users.py - not the one in this threat attached to https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
Then, you need to change `/opt/mailman/mm` in three places to `/etc/mailman3` as in ``` --- /opt/mailman/mm/bin/clean_users.py 2021-05-08 20:03:31.657565251 -0700 +++ clean_users.py 2023-03-31 15:48:31.772383287 -0700 @@ -2,13 +2,13 @@ import os import sys
-sys.path.insert(0, '/opt/mailman/mm') +sys.path.insert(0, '/etc/mailman3') # The above line is required. The next line doesn't hurt, but it doesn't work # because the PYTHONPATH environment setting is processed by Python's setup # and must be in the environment when Python starts to be effective. -os.environ['PYTHONPATH'] = '/opt/mailman/mm' +os.environ['PYTHONPATH'] = '/etc/mailman3' os.environ['DJANGO_SETTINGS_MODULE'] = 'settings' -os.environ['MAILMAN_CONFIG_FILE'] = '/opt/mailman/mm/mailman.cfg' +os.environ['MAILMAN_CONFIG_FILE'] = '/etc/mailman3/mailman.cfg'
import django django.setup() ``` Also, look at this ``` # If we delete the Django user and there is a Mailman user with no memberships # shall we delete the Mailman user too. DELETE_MAILMAN_USER = False # Shall we delete the Django user if there is a Mailman user with no # memberships or only if there is no Mailman user. DELETE_DJANGO_IF_MAILMAN = True ``` and consider whether you want to set `DELETE_MAILMAN_USER = True` to also delete the Mailman user if any, and/or set `DELETE_DJANGO_IF_MAILMAN = False` to not delete the django user if there is a Mailman user with no memberships.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
_______________________________________________ Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to hansen@rc.org
On 3/31/23 17:01, Allan Hansen wrote:
Mark,
Will this be part of an upcoming update or micro update to Mailman?
It might be in Mailman's contrib directory at some point, but probably not.
There are many scripts at https://www.msapiro.net/scripts/ (mirrored at https://fog.ccsf.edu/~msapiro/scripts/) that people may find useful. These are mostly things that I have developed in response to mailing list questions or for my own purposes and the majority are Mailman 2.1 specific. They were never intended to be part of a release.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (6)
-
Allan Hansen -
Andrew Hodgson -
Brian Carpenter -
Mark Sapiro -
Odhiambo Washington -
r.woithe@callassoftware.com